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VOLUME VI 
IN THE UNITED STATES ARMY 

UNITED STATES 
VS. 

MANNING, Bradley E., PFC COURT-MARTIAL 
U.S. Army, xxx— xx— 9504 

Headquarters and Headquarters Company, 

U.S. Army Garrison, 

Joint Base Myer— Henderson Hall, 

Fort Myer, VA 22211 

/ 

The Hearing in the above— titled matter 
was continued on Wednesday, June 12, 2013, at 1:30 
p.m., at Fort Meade, Maryland, before the Honorable 
Colonel Denise Lind, Judge . 
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DISCLAIMER 

This transcript was made by a court 
reporter who is not the official Government 
reporter, was not permitted to be in the actual 
courtroom where the proceedings took place, but in a 
media room listening to and watching live 
audio/video feed, not permitted to make an audio 
backup recording for editing purposes, and not 
having the ability to control the proceedings in 
order to produce an accurate verbatim transcript . 

This unedited, uncertified draft 
transcript may contain court reporting outlines that 
are not translated, notes made by the reporter for 
editing purposes, misspelled terms and names, word 
combinations that do not make sense, and missing 
testimony or colloquy due to being inaudible by the 
reporter . 
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PROCEEDINGS, 

THE COURT: Court is called to order. Let 
the record reflect all parties present when the court 
last recessed are again present in court . Court is 
called to order. 

Are there any issues we need to address? 

MR. FEIN: No, ma'am. 

THE COURT: Call your next witness. 

MR. COOMBS: No, ma'am. 

MR. FEIN: Ma'am, the United States offers 
two stipulations, Prosecution Exhibit 117 and 
Prosecution Exhibit 119. 

Your Honor, first Prosecution Exhibit 117 
Chief Warrant Officer Jon LaRue . 

(Whereupon, Prosecution Exhibit 117, 
stipulated testimony of Chief Warrant Officer Jon 
LaRue, was read into the record.) 

MR. FEIN: Your Honor, the stipulated 
testimony of Jacqueline Scott dated June 10, 2013. 

(Whereupon, Prosecution Exhibit 119, 
stipulated testimony of Jacqueline Scott, was read into 
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the record.) 

MR. MORROW: United States recalls Special 
Agent David Shaver. 
Whereupon, 

SPECIAL AGENT DAVID SHAVER, 
called as a witness, having been previously duly 
sworn to tell the truth, the whole truth, and 
nothing but the truth, was examined and testified as 
follows : 

CONTINUED DIRECT EXAMINATION: 
Q Agent Shaver, you are still under oath. 

A Yes, sir. 

Q Agent Shaver, what is a SAM or SAM file? 

A Sir, that is a systematic, systematic 

assist manager. What that is, part of the Microsoft 
security. It is a file within XP operating system. It 
contains both the user names and part of the encrypted 
password. 

Q Now, what do you mean by part of the 

encrypted password? 

A Sir, I'll explain it. I'll explain how. 
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Q Okay. Take your time. 

A Encrypted works . When you log into a 

computer you type your password in. It's plain text. 
You can see it . 

Well, what the computer does is it takes 
that plain text password and passes it through a 
mathematical algorithm and creates a hash value . This 
is a first step of a security feature. Storing 
passwords in plain text is not very smart . Bad people 
can get them very easily. It as hash value and breaks 
it up into two parts, part goes to the SAM file and 
part of it goes to the system file . 

This is another security feature to have 
the password, the hash and password broken up into two 
pieces and finally when the computer is running the 
system files, the SAM and system files are locked, 
whereas a normal user cannot access them. 

Q Now, what users of a computer could access 

the system file and SAM file? 

A You would have to have administrative level 

privileges . 
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Q If you don't have administrative level 

privileges what is another way you can view the SAM or 
system file? 

A You could recruit the boot and use Linux 

operating system which is a configure to run off of the 
CD. So it doesn't actually install, it runs from it. 
Then you can navigate to the SAM or system file and 
view the contents . 

Q Let's back up. What do you mean by, so 

what is Linux first? 

A Sir, that's just another operating system. 

Q And what do you mean by booting the 

computer from a CD? 

A Well, you first off, you need to download 

from the internet a Linux distribution. You would burn 
it from an ISO file which you download and burn it to a 
CD. 

Then you would basically, when the computer 
boots up, you would see like the Dell screen, for 
example, it may say something press F9 to boot from CD. 
Q Now, let me stop there. Where would you 
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find the Linux operating system? Free on the internet? 
A Yes, sir. 

Q And if you burned a CD with a Linux 

operating system on it, at least on a Macintosh or 
Apple, Macbook Pro, where would you see evidence of 
that? 

A That would be the disk utility log file. 

MR. MORROW: Retrieving Prosecution Exhibit 

125. 

I'm handing the witness Prosecution Exhibit 

125. 

BY MR. MORROW: 

Q Agent Shaver, do you recognize that 

document ? 

A Um — 

Q Take a couple minutes to review it . 

A Yes, sir. This appears to be the disk 

utility log file. 

Q And did you review this disk utility log 

file? 

A Yes, sir; I did. 
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Q When you reviewed it, did you observe any 

activity that would suggest that a Linux operating 
system was burned to a CD? 

A Yes . 

Q Can you point out multiple places or just 

one place. 

(Witness reading.) 
A There are multiple places, sir. 

Q What ' s the first example? 

A Line 112. 

Q Okay . 

MR. MORROW: Permission to publish, Your 

Honor? 

THE COURT: Go ahead. 
BY MR. MORROW: 

Q I am publishing page 3 of Prosecution 

Exhibit 125. 

Agent Shaver, can you explain the 
information contained in line 112 and below, please? 

A Sure. Yes, sir. On February 1st, 2010 at 

1317 hours local time, the burning image, the file name 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



system rescue dash X8 6— 1.3.5 dot iso, it talks about 
the log file and shows it preparing data for burning. 
Opening session. Writing session. Closing. 
Verification. And finally line 129 says burn complete 
successfully . 

Q And based on your review of the disk 

utility log, did you observe or what are the other 
dates you observed, approximately observed a — 

A Early March 2010. 

Q I'm publishing page 8 of Prosecution 

Exhibit 125. 

Again, explain the information in line 365. 
A Sir, can you slide that a little further up 

so I can see it further down? 
Q Sure . 

A Other way. 

Q Other way. 

A Yes, sir. Line 365 says on March 2nd, 2010 

17:48:51 hours burning image system rescue CD dash 
X86— 1.3.5 dot iso. And then at line 382 it shows that 
the burn completed successful . 
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Q Now, again what is the dot ISO mean? 

A That ' s an image file for a CD . 

Q And how do you know that, just looking at 

that, how do you know that's a Linux operating system? 

A I have actually burned this disk to CD and 

utilized it, viewed the contents. 

Q Now, let ' s say that you boot a separate 

computer using a CD with Linux on it, how would you 
view the SAM file? 

A What you do is boot to CD. The operating 

system would come up. You would have to basically 
mount the hard drive. Mounting is making it accessible 
to the Linux operating system. Navigate to the SAM 
file and you would use a hex editor to view the 
context . 

Q What ' s a hex editor? 

A To view the contents of Microsoft Word 

document, you would use the program Microsoft Word. 
The SAM file is a database . It ' s a registry file . 
It ' s complicated file but a hex editor can view the 
contents . 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



MR. MORROW: Retrieving Prosecution Exhibit 
130 for identification. 

People handing the witness Prosecution 
Exhibit 130 for identification. 
BY MR. MORROW: 

Q Do you recognize those images? 

A Yes, sir; I do. 

Q And what are they? 

A These are two screenshots I created. The 

first one is of a chat that was recovered from PFC 
Manning's personal Macintosh. The second is a 
screenshot of the EnCase program of viewing the SAM 
file from the dot 22 computer. 

MR. MORROW: Permission to publish, Your 

Honor . 

THE COURT: Go ahead. 
BY MR. MORROW: 

Q Can you see that Special Agent Shaver? 

A Yes, sir. 

Q Let ' s start here . Do you see the line that 

says dawgnetwork and there ' s a series of numbers and 
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letters 80C1104? 

A Yes, sir. 

Q What is that? 

A That is a hex value, a part of the SAM file 

from dot 22 or dot 40. 

Q And how do you know that? 

A I examined both computers specifically the 

SAM file but the entire computer and (INAUDIBLE) 
allocated to find the unique string and it was only 
located within the SAM file of the dot 22 or dot 40 
computer . 

Q Based on the presence of that string of 

numbers and characters in the chats, what does that 
tell you? 

A Somebody had gained access to the SAM file 

to find that unique string. 

Q Other than being administrator, is that the 

only way you would be able to gain access to that 
string of numbers and letters? 

A There may be some hacker tools out there 

but the most common way would be to use a Linux CD to 
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do this . 

Q Did you verify whether the SIPRNET 

computers associated with PFC Manning could be booted 
from a CD? 

A Yes, sir. I turned it back into a virtual 

machine . 

Q Let's stop. What's a virtual machine? 

A Sir, again a virtual machine would be, your 

computer would be the host, in my case the Windows 
machine, but the guest operating system, the virtual 
machine, could be anything, Linux, Mac, Windows. 

Q And explain the process of booting that you 

went through here . 

A Very simple . I just burned the same system 

rescue CD that I found on PFC Manning's personal 
Macintosh computer, burned the CD. Restored the — 
created the virtual machine and booted the virtual 
machine from that CD . 

Q Once you booted the virtual machine, what 

did you do next? 

A I then navigated to the SAM file and I was 
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using the hex editor, was able to view the contents. 

Q And ultimately, why would somebody be 

interested in the contents of a SAM file? What's 
contained in that? 

A Again, users names. 

MR. HURLEY: Objection. Calls for 

speculation . 

THE COURT: Do you know what's in there? 
THE WITNESS: Yes, ma'am. 
THE COURT: Overruled. 
A User names and part of a hash of a 

password. 

Q Finally, what's a rainbow table? 

A Rainbow table. As we talked about, 

passwords are hash values . That ' s how they use 
mathematical (INAUDIBLE) to create hash table. Rainbow 
table, you regenerate known hash values. So you have 
dictionary attacks that have already generated hash 
value and then you have a program that checks it . The 
passwords, the hash value to see if they match. It 
would speed up cracking or decrypting passwords . 
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Q And why do you use a rainbow table? 

A It's, it's faster to decrypt a file, a 

password. And in this case you have the hash value of 
a user ' s account . The rainbow tables would be tailored 
to attack that and it would take just moments on a good 
computer to crack a password. 

Q And in this case the hash value 80C1104, 

what was that hash value associated with in the SAM 
file? 

A That's the thing, sir. In this case, the 

person who did this only got part of the hash value . 
It ' s not quite right . But it appears to be from the 
user's account FTP user. 

Q What is the FTP user account? 

A That ' s just a user account . It was on both 

22 and 40 as probably part of the original build that 
was pushed out . It would just be another local account 
on the computer. 

MR. MORROW: Your Honor, move to admitting 
Prosecution Exhibit 130 into evidence as Prosecution 
Exhibit 130. 
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MR. HURLEY: No objection, Your Honor. 
THE COURT: Prosecution Exhibit 130 is 

admitted. 

May I see it, please? Thank you. 
Thank you Agent Shaver . 

THE COURT: Cross-examination? I'm sorry. 

MR. MORROW: I'm handing Exhibit 125 back 
to the court . 

CONTINUED RECROSS BY MR. HURLEY: 
Q Good afternoon, Agent Shaver? 

A Good afternoon, sir. 

Q Now, you just testified that the hash value 

that was included in the chat was not the full hash 
value? 

A That ' s correct . 

Q So in order for a person to actually gain 

access to the passwords contained in the SAM, they 
would have needed more of the hash value? 

A Yes, sir, I mentioned the system file, you 

would need that part as well . 

Q So the hash value included in the chat 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



wouldn't be enough to actually gain any passwords or 
user information? 

A Correct . 

MR. HURLEY: No further questions. Thank 

you . 

THE COURT: Redirect? 

MR. MORROW: No, Your Honor. 

THE COURT : Temporary or permanent excusal 
MR. MORROW: Temporary, Your Honor. 
THE COURT: Once again, you're temporarily 
excused. Same rules apply. 

THE WITNESS: Yes, ma'am. 

MR. FEIN: The United States asks for a 
10— minute recess. It went a little faster than we 
planned, just to get the other witnesses . 

THE COURT: Court is recessed until ten 
after 1400 or 2:00 o'clock. 

(Recess taken.) 

THE COURT: Please be seated. Court is 
called to order. 

Major, please account for the parties. 
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MR. FEIN: Yes, ma'am. All parties are 
present with the exception of Captain Morrow, Captain 
Whyte and Mr . von Elten are present . 

MR. Von ELTEN: Ma'am, the United States 
calls Greg Weaver. 
Whereupon, 

GREGORY WEAVER, 
called as a witness, having been first duly sworn to 
tell the truth, the whole truth, and nothing but the 
truth, was examined and testified as follows: 

DIRECT EXAMINATION BY MR. Von ELTEN: 

Q Are you Greg Weaver of Bristow, Virginia? 

A Sir, yes, I am. 

Q Good afternoon, Mr. Weaver. 

A Good afternoon, sir. 

Q What is your military experience? 

A Sir, I'm a retired noncommissioned officer. 

I retired in 19*7 as a retired noncombat (INAUDIBLE) . 
Last duty assignment was out of the Pentagon. 

Q What did you do in your last duty 

assignment? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



22 

A In my last duty assignment for the military 

I was the Army operations center team lead working 24/7 
operations in the Army op center, directly reporting to 
the secretary and chief staff of the army. 

Sir, today I lead a compliance branch team 
of military and civilian personnel, the compliance 
branch underneath the compliance division of Army Cyber 
Command, a newly formed organization to report on 
compliance activities across the Army. 

Q What else does that entail? 

A Sir, predominantly we are the reporting 

agency for all inspections, all compliance inspections 
across the Army, the conduct of lessons learned, the 
computer network defense service providing services 
associated with our Cyber Mission, plus a number of 
administrative duties . 

Q Mr. Weaver, what is information assurance? 

A Sir, information assurance, the foundation 

principles of information assurance is a united 
approach by which we get after the confidentiality, 
integrity and availability non— (INAUDIBLE) of systems 
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and information systems and information in general to 
ensure its security and reusability or usability within 
the Army. 

It's a, it's not a standalone, not a 
standalone concept but it incorporates many facets of 
other security disciplines and not just information 
assurance . 

Q What metrics do you use to measure 

information assurance? 

A Sir, there's many metrics to measure 

information assurance. One of them would be compliance 
inspection. One of them would be reporting, 
assessments in general, how well an individual or 
organization is evaluated from an operational 
standpoint as to how well they perform information 
assurance, using guidelines, decision, standards, 
checklists, best practices and so forth. 

Q How long have you been in this position? 

A In this position, sir, just over, since 

November of 2011. 

Q What position did you hold prior to your 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



current one? 

A Prior to this I was a contract support to 

the Department of Defense and the Defense (INAUDIBLE) 
Information Assurance Program at the DoD CIO ' s office 
serving capacity as a subject matter expert in the 
areas of information assurance, computer network 
defense and other technology areas associated with 
policy and procedures . 

Q How long did you hold that position? 

A Sir, it was just over 13 months. 

Q What certifications do you possess? 

A Sir, currently I am a Certified Information 

Systems Security Professional and SANS global 
information assurance certified incident handler. 

Q What does the CISSP certification mean? 

A Sir, it's a, it's the top level preeminent 

security professional, security certification required 
for information assurance professionals within the DoD 
and it ' s an industry recognized certificate for the 
industry in general . 

Q Why do you have that certification? 
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A Two reasons . Professional respect and 

responsibility of the professional so it serves as an 
indicator of the expertise and secondly it is a 
requirement within the Army if you maintain an 
information assurance position to hold such 
certifications as they are identified by your unique 
description or position. 

Q What does your SANS certification signify? 

A The SANS certification is a longstanding 

certification I maintained since 2001. It is the 
certified information, it's a certificate of ability to 
perform incident response, incident handling for 
systems and networks that have had an intrusion or 
event . 

Basically how to prepare for, respond, 
react and follow up with any system or network that may 
have been intruded upon or events that may have 
occurred on the network. 

Q How long have you been working in 

information assurance? 

A Sir, since 1998. 
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Q What were you doing when you began working 

in information assurance? 

A Sir, when I began I originally started in 

this career field after I retired from the service . I 
was a team member of the Army Computer (INAUDIBLE) 
Response Team, contractor support in support of the 
Army's cert standing out and formalizing a brand new 
organization to establish computer emergency response 
processes within the Army and across the five theaters 
that we had at the time and their cert procedures and 
then as well as or reporting to and supporting the 
Department of Defense, DoD, DIS and at the time JTFG 
and now Cyber Command. 

Q Let ' s talk about AR25 . 

A Yes. 

Q Are you familiar with it? 

A Yes . 

Q How? 

A In 2002 I began work with the Army CIOG6 by 

leaving the Army computer emergency response team and 
went to the Army CIOG6 . My primary duties and 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



responsibilities when I got there was the authoring of 
AR25— 2 and then predominantly was the sole author and 
responsible for creating, staffing, collaboration and 
eventually publication of AR25— 2. 

Q What version did you write? 

A The initial version it was published in 

2003 and then the two subsequent versions in 2007 and 
then the rapid action revision in 2009. 

Q And how many versions are there? 

A Currently 2009 rapid action revision is the 

current 25-2 . 

Q What was the first version? 

A It was just information assurance 25—1 

dated 2003. 

Q How long did you spend drafting AR25-2? 

A I spent approximately nine months of 

dedicated effort to creating and drafting the 
regulation from the DoD and Army directives at the 
time . 

Q What other documents related to AR25— 2 have 

you drafted? 
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A I've helped direct authorship of 

approximately best business practices over the course 
of about four years in 2003 to 2007. Either the 
principal author or co-author of best business 
practices . 

Q What is AR25-2? 

A Sir, AR25-2 establishes the standards and 

processes and procedures by which regulatory 
requirements of Army efforts to instill or to apply 
information assurance practices for the network 
security across the Army. 

Q To whom does AR25-2 apply? 

A Sir, it applies to everybody and if you sit 

or — it applies to all users . Obviously applicable to 
who are responsible for filing AR25— 2, commanders, 
designating accredited officials are required to follow 
the rules and policies associated with AR25— 2 and the 
design of their systems and incorporate IA principals 
in the policy, Army Reserve, National Guard, medical 
community, Corps of Engineers and so forth. Applies to 
everybody within the Army. 
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MR. Von ELTEN: I'm retrieving Prosecution 
Exhibit 95 for identification . 

THE COURT: Come on up. 
BY MR. Von ELTEN: 

Q Handing it to the witness. 

A Thank you . 

Q Do you recognize that document, Mr. Weaver? 

A Yes I do sir. It's AR25-2 . 

Q What is it? 

A It ' s a rapid action revision dated 

March 23, 2009. 

Q How do you recognize it? 

A It is the format by which the Army 

publishes Army regulations . This one is in single page 
format . 

MR. Von ELTEN: Ma'am, the United States 
offers Prosecution Exhibit 93 for identification . 

THE COURT: (INAUDIBLE) is this something I 
took judicial notice of? 

Are they already admitted or are we 
admitting them now? 
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MR. FEIN: Ma'am, they have not been 
separately marked at all . Although we have taken 
judicial notice and the government has the consolidated 
list for the court and has not given that to the court 
yet . But none of the items have been printed or 
marked . 

THE COURT: Any objection, Defense? 

MR. HURLEY: No, ma'am. 

THE COURT: Thank you. May I see it, 

please? 

Prosecution Exhibit 93 is admitted. 
MR. Von ELTEN: Retrieving it from the 

witness . 

BY MR. Von ELTEN: 

Q Mr. Weaver, let's talk about the acceptable 

use policies . 

A Yes, sir. 

Q What is an acceptable use policy? 

A Sir, an acceptable use policy is mandated 

by DoD for all users to acknowledge and comply . It ' s a 
signature, with a signature. It outlines the 
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procedures and the policies associated with appropriate 
use of government systems and on a government network 
or system in general as provided by the government to 
outline the standards and outline the standards by 
which users are held accountable to conduct and 
behavior while on or operating with that system. 

MR. Von ELTEN: Permission to publish, 

ma ' am. 

THE COURT: Go ahead. 
BY MR. Von ELTEN: 

Q Mr. Weaver, do you recognize this section? 

A I do, sir. 

Q What is it? 

A This is one of the subparagraphs — 

THE DEFENSE: We're going to object based 
on relevance. PFC Manning is charged with violating 
specific sections of 25—2. This is not one of these 
sections . 

THE COURT: Where are you going with this? 
MR. Von ELTEN: To establish the framework 
by which 25-2 establishes acceptable uses. 
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THE COURT: Is this going to be a long 

discussion? 

MR . Von ELTEN : No , ma ' am . 

THE COURT: All right. I'll overrule the 
objection. Go ahead. 
BY MR. Von ELTEN: 

Q What does the acceptable use policy do? 

A So, sir, what you see here is the wording 

manner that is prescribed as a requirement to access 
any information system. It is the warning banner that 
is part of the display of any users ' access to 
information and the users agreement outlines the 
standards by which that access is also permitted in 
addition to the warning banner . 

THE COURT: Captain von Elten, what pages 
of the regulations am I looking at? 

MR. Von ELTEN: 26. 
THE COURT: Thank you. 
BY MR. Von ELTEN: 

Q What uses does it authorize? 

A That the AUP outlines the appropriate use 
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of the information system other than or in addition to 
the additional authorized use of that, of that system 
for conduct of government business . This warning 
banner also outlines that there ' s no expectation of 
privacy with that, with the exception of that which is 
already controlled by other policies such as legal or 
medical restrictions . 

Q How are government means (sic.) determined? 

A Means? 

Q Government needs determined? 

A Usually by the commissioner, by the command 

or by the organization that owns that system or has 
accredited that system for use decides or determines 
what that need is, sir. 

Q Are AUPs required? 

A They're required. 

Q How long have they been required? 

A Since that Regulation 25—2. This version 

was a rapid action revision because of the requirement 
by DoD to change the mandate, the acceptable use. So 
in 2009 this RAR was published. 
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Q Why are AUPs used? 

A The AUPs are basically an agreement between 

the government or the organization and the user. 

The user signs it understanding that the 
rules and responsibilities they have on that network 
are the rules and responsibilities that they have in 
the performance of their duties as well as acknowledge 
their responsibility and when authorized, when you can 
use the government system for nonof f icial use . 

However, but it's still authorized such as 
NWR support or e-mail to a user, civilian web mail or 
something like that . 

Q What does AR paragraph 1-5 J prohibit? 

A Sir, 1—5 J prohibits or specifically 

prohibits actions and functions within the Army 
associated with the use of information systems and IA 
principles . 

Q What are code examples? 

THE DEFENSE: We're going to object again. 
This man is not charged with violating that division of 
AR25-2 . 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



THE COURT: Then why are we discussing it? 



MR. Von ELTEN: Establishing framework, 



Your Honor. My last question. 



THE COURT: All right. Go ahead. 



A 



Your question again, sir? 



Q 



A few examples . What are a few examples of 



activities prohibited in 1-5J? 



A 



So those violations are covered in the 



regulation in bolded text throughout the regulation 
specifically. Some violations would be unauthorized 
use of the system, installing or downloading or 
accessing information, installing or downloading 
software, accessing information which is outside the 
control or boundaries of authorized use, failure to 
scan systems for malicious content, uploading 
personnel, personnel files or personal content that is 
not DoD related. 

Q Let ' s talk about information assurance 

training. 

A Sure . 

Q Are you familiar with information assurance 
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training? 

A I am. 

Q How are you familiar with it? 

A Both as a user I am required by the same 

policy to take training every year and as a SME for IA 
within the Army I've contributed to some of the content 
associated with the initial versions of the information 
assurance training. 

Q What policies required IA training? 

A The AR25— 2 requires training on an annual 

basis . DoD also requires as part of their policies 
that all users within the Department of Defense 
conducting information assurance training annually. 

Q How does a user complete his obligations to 

complete information assurance training? 

A Both the Army and the DoD have instituted 

online CPT based, computer based training, so it ' s 
accessible through the web. So it's very easy to 
accomplish . 

Q What does it take to accomplish that? 

A Log on with the website, go through the 
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scenario— driven computer based training. You have a 
certificate at the end of it that you digitally sign or 
print it out and sign. 

Q What does it take to earn that certificate? 

A Completion of the training, sir. 

So you have to answer at least 10 questions 
or 20 questions, I'm not sure what it is at the end of 
the test and you obviously have to pass or you have to 
do it again . 

Q And how long has this training been 

required? 

A The training within the Army has been, 

since before 2009 when DoD instituted the DoD level 
training, the Army adopted the DoD training and just 
used that as a standard. 

Q What work did you do in developing IA 

training? 

A So prior to the DoD integration — 

THE COURT: Yes? 

THE DEFENSE: Your Honor, we object on 
relevance and we would also ask the judge to take 
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judicial notice of DoD IA training as completed it a 
number of times . 

THE COURT: Where are we going with this? 

MR. Von ELTEN: Ma'am, United States is 
offering this for evidence of PFC Manning's knowledge 
because he completed IA training and we ' re going to 
discuss the contents of the training he would have 
completed. 

THE COURT: Which of these specifications 
has a knowledge element? 

MR. Von ELTEN: Ma'am, the 104 
specification requires knowledge. He did complete the 
training . 

THE COURT: This training is relevant to 
the 104 specification? 

MR. Von ELTEN: Yes, ma'am. 

THE COURT: All right. Make it — go ahead 
and make it, make it brief on this portion, okay. 
MR. Von ELTEN: Yes, ma'am. 
I'm retrieving Prosecution Exhibit 7. 
THE COURT: Overruled. 
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BY MR. Von ELTEN: 

Q Mr. Weaver, do you recognize these CDs? 

A Yes, sir. These are two DoD information 

assurance IA training CDs by DoD and downloadable. 
It's also, you can order through the DoD for use 
remotely or as needed by users . So this is also an 
acceptable way to do the training. 

Q What versions are they? 

A 2000 — Version 7 and Version 8. 

Q And how do you recognize those? 

A Sir, they're identified by the version 

number at the bottom corner of the CDs . 

Q How do you know the contents of the CDs? 

A The contents of the CDs are basically the 

web pages in the CD format . They ' re the same I A 
training that was applicable at the years or the 
versions these were published. 

Q Have you seen those CDs used? 

A Yes, sir, I have. I have a copy of my own. 

Q With those specific CDs? 

A The Version 8, yes, sir. 
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MR. Von ELTEN: Ma'am, United States 
offers — it's already been, sorry. 
BY MR. Von ELTEN: 

Q What kind of threats does that information 

assurance cover, the training? 

A Sir, the IA training, it covers a multitude 

of issues. One of them being user training, user 
password, security. Security classified information. 
Army phishing or phishing threats, general threats in 
particular through a variety of different methods that 
users might be suspect to or receive e-mail threats, 
viruses, malware and so forth. 

Q What kind of outside threats are identified 

in the training? 

A Specifically, some of the outside threats 

would be just factors, trying to do phishing attacks or 
other similar attempts to gain access networks through, 
through malware or digital e-mail or phishing, calling 
you up on the telephone . So both physical security and 
technical security or IT security. 

MR. Von ELTEN: Retrieving Prosecution 
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Exhibit 7. Returning this to the court reporter. 
BY MR. Von ELTEN: 

Q Let ' s talk about some of those I A threats 

you identified. 

Let ' s talk about the bad content in 

particular . 

MR. VonElten: Permission to publish, Your 

Honor? 

THE COURT: Go ahead. 
BY MR. Von ELTEN: 

Q This is page 22, Prosecution Exhibit 93. 

Do you recognize this, Mr. Weaver? 
A Yes, I do, sir. 

Q What does paragraph 4— A3 prohibit? 

A Sir, 4— A3 prohibits the modification of 

information system for the software to use it for any 
manner other than intended purpose or added user 
configurable or unauthorized software such as and not 
limited to instant messaging, commercial internet chat, 
(INAUDIBLE) environments where you allow your system to 
be used by somebody else and those are descriptive in 
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nature or examples, not all inclusive. 

Q What is the purpose of the prohibition? 

A Sir, the intent of this prohibition was to 

prevent, clearly identify the prohibition of users 
without proper authority to add application software or 
other content to assist by which is not accredited and 
processed. 

Q And who has the authority to make those 

changes? 

A Sir, the authorities to make those changes 

would be an authorized system administer who has been 
given the responsibility to change that system for 
compliance to vulnerabilities or patching as it ' s known 
or a DAA, designating accrediting authority, who has 
determined the appropriate software that ' s authorized 
to be installed on a network or on a system by which 
users can use that piece of application or piece of 
software . 

And then commander obviously has some of 
that responsibility as well. 

Q What kind of modifications are prohibited? 
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A Sir, there's a number of modifications that 

are prohibited. Usually anything that the user would 
do that would violate the integrity of the system is 
prohibited. 

And the installation of unauthorized or 
unaccredited software for which no risk analysis has 
been done or no acceptance of that risk has been done, 
that would be prohibited. 

Sharing the information or sharing your 
computer information or at the time user ID and 
passwords with another individual would be prohibited 
action as well. Sir, that's just — 

Q Just broadly, what is the process for 

adding software? 

A For a, for a user or for — 

Q For a user. 

A So for a user, sir, the process would be if 

you've identified a need, you would ask your IT support 
specialist, whoever that might be, your system or 
network administrator, your supervisor, justifying the 
requirement that you have a requirement to fulfill and 
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you don't necessarily get to dictate the solution, you 
dictate or you ask for the requirement and allow the 
system network administrators, the ID, the commander 
and the DAA to determine the method by which the 
requirement is filled. 

So users don't specify, normally don't 
specify a specific use of a piece of software . They 
can make recommendations but it ' s still the 
determination of the commander . 

Q What defines the limits of a user's 

authorization to use a government information system? 

A The limit is imposed by obviously his duty, 

his responsibility associated with why he needs access 
to the system or limited access to the system and/or 
his responsibility associated with that action or maybe 
part of his job and requires access to information 
technology on the daily occurrence of his mission. 

Q Who determines the parameters of the 

mission? 

A Commanders establish the parameters and 

supervisors where they may fall in, establish those 
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parameters 



Q 



Whose account is a user allowed to use? 



A 



Only to be used by the user. 



Q 



What permission levels does a user normally 



receive? 



A 



Generally permission of a normal user is 



basically read accessibility to use a system as it was 
configured with whatever permissions or roles that the 
system has or they use it like the applications like 
Microsoft Office ability to create work files, to 
create Excel spreadsheets and so forth. So he or she 
has been given those roles and responsibilities to use 
the technology as it was designed or as it was 
provided. 

Q Let ' s talk a little bit about insider 

threats . 

A Yes, sir. 

Q What is paragraph AR25— 2 paragraph 4— 5A4C? 

A So the, this paragraph outlines the 

prohibition by normal users or those not authorized to 
conduct this activity to bypass or circumvent the 
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security parameters that ' s been installed or part of a 
operation or part of the design of the system. 

Q How does a user bypass those mechanisms? 

A Traditionally as a incident he would have 

to or she would have to install or modify the system in 
some way in order to allow them to elevate the 
privileges on that computer so they can gain access to 
the box at a higher level or privileged level or, you 
know, somebody has granted them unauthorized access. 

Q What are a couple of ways a user could 

bypass those mechanisms? 

A So there ' s a number of ways . One would be 

obviously to install a piece of software or application 
or coding that would change the authorization level of 
his system. Another way would be to find applications 
or capabilities that would elevate his privileges 
without changing the access control process and 
enabling him to do more than he would be authorized to 
do, or coerce somebody to change it for him, you know, 
as a friend or as a unauthorized action or part of the 
system network demeanor to grant him — 
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Q What effect would using a bootable CD have? 

A A bootable CD could have numerous effects . 

It depends upon how the CD was written or crafted. 
Obviously could quickly change the access (INAUDIBLE) 
controls of the user giving him elevated privileges. 

Q What if the bootable CD used a different 

type of operating software? 

A It ' s feasible to get access to the system 

such so that it would circumvent the security and 
controls of the (INAUDIBLE) . 

Q Mr. Weaver, what tools can be automated on 

a computer system? 

A What tools can be automated? 

Q Yes, sir. 

A Pretty much anything you want to do on a 

computer system could be automated if you had the right 
tools to craft the software or application to do 
whatever you needed to do. 

Q What tools can a user add to automate a 

process? 

A Sir, what tools can a user add to automate 
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a process surrounding those tools by which he has 
access to, for example Excel. He would automate the 
extraction or the publication of content from a 
spreadsheet for example on a regular basis . Or other 
tools that might be that allows the automation to occur 
in an automated manner. It does not equate to his 
ability to install applications or software which would 
automate those tasks for him without the system network 
administrator giving that approval or DAA giving that 
approval to do that . 

Q Mr. Weaver, are you familiar with Wget? 

A I am vaguely familiar, yes. 

Q How does it work? 

A As I understand, Wget is basically an 

application that allows you to download files or do 
entire content downloading of a website and/or an FTB 
site in an effort to gather all the information from 
that site, basically mirroring a site, copying the 
whole site local to a local drive or whatever . 

Q When is a user allowed to add Wget? 

MR. TOOMAN: Your Honor, we'll object to 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



personal knowledge of Wget . 

THE COURT: What are you objecting about? 
The witness said he was familiar with it . 

MR. TOOMAN: Well, like, we would like to 
explore how the witness is familiar with Wget and the 
extent of the familiarity. 

THE COURT: You can do that on 
cross— examination . 
BY MR. Von ELTEN: 

Q Mr. Weaver, what does paragraph 4— 17A 

state? 

A I don't have that one memorized, sir. 

Q Is there anything that can refresh your 

memory? 

A Just the leading sentence, sir. 

THE COURT: Why don't you publish it. 

MR. Von ELTEN: Okay. 
A Sorry, I don't have them all memorized. I 

used to but not anymore . 

So your question again sir, I'm sorry. 
Q What is the purpose of paragraph 4-1 7A? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



MR. TOOMAN : We'll object to the relevance. 
Again PFC Manning is not charged with violating 4—17 . 

THE COURT: Where are you going with this? 

MR. Von ELTEN: Ma'am, going with this that 
the user of the government system has a personal 
responsibility to follow the rules and this is an 
example of the rule . 

THE COURT: Are we going to go through 
every paragraph? 

MR. Von ELTEN: Ma'am, this is the last 

paragraph . 

THE COURT: It is? 

MR. Von ELTEN: Yes, ma'am. 

THE COURT: Okay. Keep it that way. 
A So to answer your question, sir, this 

paragraph allows responsibility associated with 
protecting media, retrieving or inserting from the 
information system, or any removable media or CD is 
inserted and removed from a classified system should be 
treated as such until such time it is properly cleared 
by the appropriate person or personnel . 
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Q How does personal responsibility affect 

implementation of AR25— 2? 

A The users are INAUDIBLE) , the base, the 

person with responsibilities for conduct of security 
information and information systems relies upon the 
user to do the right thing many times . 

Technology is advancing rapidly. Policy 
doesn't always keep up with the technology. So with 
the guidance of the user, the user has the 
responsibility and it ' s entrusted to him and not to 
exceed the authorities and not exceed their permission 
and to protect that information and any information 
systems by, that they do business on and to report any 
anomalies or violations that they may see to their 
appropriate security officials . 

Q Mr. Weaver, when is the user allowed to 

install Wget? 

A Never, sir. That user wouldn't have those 

permission . 

MR. Von ELTEN: Returning Prosecution 
Exhibit 93 to the court reporter. 
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Nothing further . 

THE COURT: Cross? 

MR. TOOMAN : Yes, ma'am. 

CROSS-EXAMINATION BY MR. TOOMAN: 
Q Good afternoon, Mr. Weaver. 

A Good afternoon, sir. 

Q Mr. Weaver, do you know what an executable 

file is? 

A Yes, sir. 

Q What is it? 

A It's a, an executable file would allow for 

a program application to run its directions or 
instructions by the system that would execute that file 
or program, instructions . 

Q Okay. Do you know whether or not the S2 

section of PFC Manning's unit, C210 Mountain Division, 
do you know whether or not they permitted executable 
files to be run on their — 

A I do not know that answer . 

Q Sir, you talked a little bit about the IA 

training and threats that are discussed within that 
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training. Is al— Qaeda discussed specifically in that 
training? 

A There are, the foreign threats, sir, are 

discussed in the current versions of the training. I 
don't remember if it was in previous versions but they 
do talk to — usually state your foreign actors in the 
training so, you know just another series of bad guys. 

Q Okay. To the extent you can remember those 

past versions, are those foreign groups just grouped 
generally or are they specifically listed? 

A They are specifically listed by activists, 

activists, hacker, insider threat, foreign state. So 
there's a number of them. I don't remember the exact 
numbers . There ' s a group . 

Q So those are broad categories, they don't 

get specific for, example, and say al-Qaeda? 

A No, that would cross some of the boundaries 

of potentially classified or extremely sensitive 
information. Obviously the CDs are not designed for 
those . 

Q So based on that answer, I assume that they 
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don't specifically mention al— Qaeda in the Iranian 
peninsula either? 

A I don ' t believe they do . 

Q And you would say that the IA training also 

doesn't discuss whether or not specific groups use the 
internet, particular internet sites? 

A I — so as a general user you probably 

would not make that inference as an IA guy with access 
to classified. You could say that's easily seen in the 
videos . 

Q But the training doesn ' t say al-Qaeda uses 

WikiLeaks? 

A No. 

Q Or al-Qaeda uses ESPN.com? 

A Not that I know of, no, sir. 

Q Now, you talked about AR25— 2 and the 

punitive paragraphs and the purpose of AR25— 2 was to 
give some teeth to the IA regulation, correct? 

A That is a true statement. Yes, sir. 

Q And while its intention was to give teeth 

you would also say that AR25-2 is open to 
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interpretation? 

A As all regulations are, sir. They are open 

to interpretation, yes, sir. 

Q And indeed AR25— 2 from your view is a 

regulation that really, the decisions about what's 
authorized and what ' s not authorized should be made at 
the unit level, correct? 

A No, sir. I disagree. The AR25— 2 redlines 

standard Army practices and principles by which a IA 
should be conducted understanding it is a part of the 
antisecurity domain, not just a piece of the security 
functions. It incorporates, you know, the guidance and 
the responsibility that it's not just one thing. 

Q So AR25-2 sort of provides a baseline 

standard? 

A Yes, sir. 

Q You would agree, though, that a commander 

in a unit could deviate from AR25— 2? 

A A commander by his position would have the 

authority to do so but he would do so with the advice 
and understanding of his security staff, his G6 staff, 
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his intelligence staff. It's not a decision he would 
execute unknowingly or without merit and he could still 
be subject to a higher level authority which he would 
have to rescind that authorization. 

Q So the individual would consider kind of 

the pros and cons and if they deviated from AR25— 2 they 
would assume some risk? 

A Yes, sir. But in my experience that risk 

is usually surfaced at a higher level to ensure that it 
doesn't impose a greater risk across the enterprise or 
across the Army. So in my experiences dealing with 
exceptions or waivers to AR25— 2 it is always done in 
concert with the commander and not solely by the 
commander. He makes those decisions with the advice of 
not only the local staff but higher core staff and many 
times at the Army level . 

Q You would agree that a deviation from 

AR25— 2, if there were a deviation and a commander or a 
supervisor had approved it, you wouldn't hold an 
individual responsible under AR25— 2 in a situation 
where the chain of command had said it ' s okay for you 
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to do that? 

A I'm not sure of the question. The 

command — so if the user, if the user followed due 
process and requested the appropriate action and the 
leadership has approved that action, then it's the 
leadership ' s responsibility obviously to manage and 
monitor that action or request . 

Q So if a junior soldier was told by his 

supervisor or his chain of command that something was 
allowed, you would expect the junior soldier to rely 
upon the chain of command? 

A Yes, sir. 

MR. TOOMAN: One moment, please. 
BY MR. TOOMAN: 

Q Mr. Weaver, what is your understanding as 

to whether or not music would be permitted to be stored 
on a system? 

A You want the regulation answer or my 

opinion, sir? 

Q Let ' s go with the regulation answer . 

A Okay . 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



58 

(Laughter . ) . 

A So the answer would be there should be a 

process in place by which a commander authorized those 
activities or actions for which they would support WMOR 
or health and welfare and morale associated with his 
environment . It is not arbitrary do as you want to do 
or do whatever you want to do process. It should be 
requested. 

It should be a process by which it is 
approved and the manner in which it is approved is 
followed every time and obviously enforced when it is 
not followed. 

Q Sure. So a commander, if authorizing 

music, would go through the process that you described. 
But the language of 25—2 wouldn't allow for music to be 
stored on a system, correct? 

A The intent of AR25— 2 is not to allow music 

on a network due to the fact that it ' s copyright laws 
for one and secondly it is potentially wrought with 
malware on the CDs that you would upload from. 

Q You said the same is true of games? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



A 



Yes, sir. Absolutely. 



Q 



What about executable files? 



A 



Absolutely . 



Q 



Now, let's go into, that was the regulation 



answer . 



What 



s the reality? 



A 



So the reality is commander has a 



responsible for health and welfare of his networks and 
of his soldiers. So as such, there should be a policy 
or opportunity by which it is done correctly in 
mitigating the risk associated with those activities . 



technically feasible ways by which your infrastructure 
guys and security guys and/or gals, I apologize to the 
ladies in the room, sorry, and your security folks can 
implement those control measures to mitigate the risk 
associated with that kind of service. Or outright 
prohibit look at alternatives to satisfy the 
requirement if they have one . 



The copyright problem aside, there are 



MR. TOOMAN: Thank you, Mr. Weaver. 



THE COURT: 



Redirect? 
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REDIRECT EXAMINATION BY MR. Von ELTEN: 
Q Mr. Weaver, what's the difference between 

introducing a system and storing a system or storing a 
file and introducing a file to a system? 

A Storing a file is anything, it encompasses 

a number of things. One, where the file was originally 
created or stored, moved, like a file server or a 
location by which you, a user had access to, copying 
from your C drive to a network drive, for example. 

Introducing a file or executable would be 
not necessarily something that would be execute — 
would be installation through a software — I'm sorry, 
through a hardware, USB token or a CD or downloading a 
file that has dutiable in it that would change the 
configuration of the system or had malicious conduct or 
intent mind that system itself. 

So I'm not sure if I answered your 

question . 

Q Are the two treated differently under 25—2? 

A Yes, sir. 

Q How are they treated? 
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A So the user, so a file on a network or 

creation of a file on a network and moving documents 
and so forth would be authorized. Traditionally users 
do not have the authority — users do not have the 
authority to do executable files. That's what system 
and network administrators are for, people that are 
trained to understand the impact of what many 
variations or executables are and the impact to them. 
Why malware is bad, why CDs are bad because they could 
contain malicious content, executables, not just the 
files, the music that's on that CD, for example. 

MR. Von ELTEN: Thank you. 

MR . TOOMAN : No , ma ' am . 

THE COURT : I have a couple of questions . 
EXAMINATION BY THE COURT: 
Q Is the administrator privilege and user 

limitations, are they consistent throughout the Army? 
A The standard, yes, ma'am. Yes, they are. 

Q So did I understand your testimony that a 

user of a Department of the Army computer could not 
load Wget on that computer? 
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A If configured correctly, that would be a 

true statement, ma'am. You, as a user, cannot load 
Wget on that system. You would not have those 
permissions . 

If I may continue. 
Q Yes. 

A Having accessibility doesn't equate to 

authorization. So a user wouldn't have the 
authorization to do that executable. Or to load that 
Wget . That would be a system and network 
administrator . 

Q Say that once — having ability doesn ' t 

equal authorization? 

A Yes, ma'am. That's a fundamental principle 

of 25-2. 

Q In the training that you discussed in the 

CDs, does that tell users that? 
A Yes, ma'am. 

Q So if a user goes on the internet or is, 

sends an e-mail with some kind of an attached movie or 
clip or something like that, is that considered an 
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executable file? 

A Many times it can be, yes, ma'am. 

Q So if the user clicks on the clip, is that 

a violation of AR25-2? 

A By policy, yes, ma'am. Because you have no 

idea what the content of that movie file may contain . 
It should be reported as a potential security violation 
or an attempt by somebody to do malicious activity on 
your network . 

Q I guess that ' s back to my original 

question. When machines, when users are on Army 
machines normally if the user tries to install 
something they're not allow to install, don't they get 
the box that says they have to have the administrator 
privileges? 

A Yes, ma'am. Many times. 

Q But not always? 

A But based on how — clicking on the link in 

the e-mail may contain malicious content that might 
load onto the computer but may not execute until the 
next time you log off and log back on, for example. Or 
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other actions that circumvent the security parameters 
of that system. 

So the user would click on a link, the code 
would execute, he would not see those pop— ups or may 
not see those pop-ups . And then your system is 
compromised. Not all actions are identified by the 
system when you install or maliciously accessed content 
that might be sent to you. 

Q Assume there is mission related. Someone 

sends a video or someone sends some kind of a file that 
you open and execute. Is the user prohibited from 
doing that? 

A No, ma'am. But it's usually part of the 

operational process by which the process itself, the 
control mechanisms are in place and the process has 
been validated to be either safe or approved. So 
sending UA video from side A to B or moving a file from 
side A to B that ' s a UAV video would be operation and 
so, you know, double clicking on that executed is, is 
approved or authorized. 

THE COURT: Any questions based on mine? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



MR. Von ELTEN: Nothing, Your Honor. 
MR . TOOMAN : None . 

THE COURT: Temporary or permanent excusal? 

MR. Von ELTEN: Temporary. 

THE COURT: You are temporarily excused. 
Please don't discuss your testimony with anyone other 
than the lawyers and the accused while the trial is 
going on. 

THE WITNESS: Absolutely, ma'am. Thank 

you . 

MR. FEIN: Your Honor, the United States 
offers to read a stipulation into the record. This is 
Prosecution Exhibit 80. 

Stipulation of expected testimony for 
Mr. Doug Schasteen dated 9 June 2013. 

(Whereupon, Prosecution Exhibit 80, 
stipulated testimony of Doug Schasteen, was read into 
the record.) 

MR. FEIN: United States moves to admit 
Prosecution Exhibit 114 for identification as 
Prosecution Exhibit 114. 
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THE COURT: Any objection? 

MR. COOMBS: No objection, Your Honor. 

THE COURT: Prosecution Exhibit 114 is 

admitted. 

MR. Von ELTEN: Ma'am, the United States 
calls Mark Kitz to the stand. 
Whereupon, 

MARK KITZ, 

called as a witness, having been first duly sworn to 
tell the truth, the whole truth, and nothing but the 
truth, was examined and testified as follows: 
EXAMINATION BY MR. Von ELTEN: 

Q Are you Mark Kitz of Aberdeen, Maryland? 

A Yes . 

Q Where do you work? 

A I work at Aberdeen Proving Ground in 

Maryland at the Program Executive Office Intelligence 
Electronic Warfare Surveillance Program Manager 
Distributed Common Ground System Army. 

Q What is your educational background? 

A I have a bachelor ' s degree from Lafayette 
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College in electrical engineering and a master ' s degree 
in electrical engineering as well from New Jersey 
Institute of Technology with a focus on communication 
systems . 

Q How long have you been a government 

employee? 

A About 13 years. 

Q And what have you done in your time for the 

government ? 

A So I came to the government directly out of 

college . I have worked on my master ' s program while I 
was in college, I mean, sorry, while I was employed by 
the government . 

I worked for the Trojan program, the 
acronym totally escapes me . It ' s a communication 
system. I was the project engineer, project leader, 
project manager and I spent about six or seven years 
with the Trojan program working on the communication 
systems and then they also have an intelligence system 
that I was a project manager on as well. 

Then I did, I was selected for engineering 
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and scientist: exchange rotation in Australia . I did a 
year and a half at the Defense Science and Technology 
Organization in Australia. 

Then I came back and began working on D6— A 
on a loan from a S and T community and then went as a 
core employee or working directly for the program 
manager in 2011. 

Q How long have you worked at D6— A? 

A It ' s a little over five years . 

Q What position did you have prior to your 

current one? 

A I started as a integrated product team lead 

for installs intelligence and then I worked my way up 
to becoming the systems engineer lead for a product 
that we have called Version 3 or the intelligence 
fusion server and basic (INAUDIBLE) laptop. 

Then I was selected to become the technical 
director for the program which is the role I currently 
have which oversees a portfolio of systems, capacity 
abilities and software across the D6— A portfolio. 

Q How large is that portfolio? 
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A So we're an ACAT 1 MAIS, an automated 

information system. There isn't a larger category of 
acquisition programs in the defense so we're a very 
large program. 

We have a portfolio of about 13 systems 
fielded from company to (INAUDIBLE) . We have over 700 
server suites, over 5,000 laptops. We field to support 
the full 58,000 military intelligence professionals 
supporting the Army. 

Q What is D6-A? 

A So D6— A is essentially a portfolio of 

capabilities providing intelligence, processing, 
exploration and dissemination for the Army. 

What does that mean in lay terms? Every 
military intelligence analyst in the Army gets D6— A. 
Whether that's a laptop, whether that's a server, back 
end infrastructure for them to save data, store data, 
whether that ' s a sensor flying over the battle space . 
There ' s something on the ground ingesting that sensor 
feed and providing that information to an analyst . 

All of that infrastructure across the 
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entire Army is provided by D6— A. 

It ' s relatively difficult to explain in 
somewhat really lay terms but everything from the data 
link itself, from the piece of satellite communications 
that comes with it to the Microsoft Office product that 
sits on a laptop is bought for by the D6-A program and 
it is the acquisition program for that purchase or 
procurement . 

Q At what level are D6— A systems distributed? 

A So today we're, all the way as low as the 

company intelligence support team, so equipment to the 
battalions and companies, D6— A headquarters, division 
headquarters, at the core headquarters and then all the 
support brigades and all of the above core elements 
that have intelligence professionals are equipped with 
D6-A. 

Q Who do you advise in your current position? 

A The program manager for D6— A, Cole Charles 

Wells . 

Q What does the program manager do? 

A So the program manager is the chartered, 
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I'm struggling for the adjective, he is the person in 
charge of all of the activities within the portfolio. 
So the ACAT 1 program we mentioned called D6— A. 

Also an ECAT 2 program and ECAT 3 program 
called charts, counterintelligence, human intelligence 
capability for the Army. He manages that portfolio, as 
the acquisition manager, and he certainly follows 5002, 
the 5002 law in procuring capability against the 
validated requirement by the JROC, by the joint 
community . 

Q What matters do you advise the program 

manager on? 

A Technical and acquisition. So as the 

technical director I advise the program manager on 
trade analysis, determining how we meet requirements 
and what software or what hardware or what capabilities 
are purchased and how the teams are advised — how the 
teams are proposing those procurement activities . Then 
I also advise him on the acquisition process . How we 
move through the gates that are put up by OSD and by 
Congress that we have to statutorily or regulatorily 
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meet in order to achieve the capability for the war 
fighter . 

Q What do you consider when giving advice to 

the program manager? 

A So a lot of it comes down to my experience . 

A lot of it comes down to essentially developing 
courses of action that allow him to make an informed 
decision about not just the technology, not just the 
acquisition process but what is best and makes the most 
common sense to achieve the goals of the program and 
the Army. 

Q How long have you been in your current 

position? 

A Two years . 

Q Let ' s talk about the development process . 

How would you characterize it? 

A So the develop process is, I wouldn't call 

it set in stone but it is a tried and true process from 
an acquisition perspective . It ' s termed the systems 
engineering process, that's essentially it lays out the 
outline of how the Army procures systems at a large 
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level as I mentioned as ACAT 1 program. So that 
process is well defined and it ' s taught across the 
Army. 

Did I answer your question? 
Q You did. 

Let ' s talk a little bit about creative 
software setup . About how many steps are involved? 

A So in identifying a solution to a piece of 

software to meet a requirement, there's multiple steps 
involved. The first would be defining the requirement. 

So the Army system would have a requirement 
that ' s defined in what we call our capabilities 
production document, CPD or capability description 
document called the CDD. We in D6— A since we're a 
large program, we actually have both. The CDD 
essentially says we want you to build a D6-A and the 
CPD gets to further detail . 

So the first step of the process is 
ensuring that we have a solid requirement set that says 
will go build something that makes sense for the Army 
and is measurable via a test . 
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The next step would be to build organizing 
principles around that requirement so in our CPD we 
have 20 attributes. So each attribute has hundreds of 
requirements associated with it . So we organize it to 
integrated product teams as I mentioned earlier. So 
integrated product teams are empowered to identify 
solutions and build out their own process on how they 
would address that requirement with a capability. 

Q Who are on the integrated product teams? 

A So you would have subject matter experts, 

user representation from trade, from the training and 
doctrine command and systems engineers like myself. 

Q How do they evaluate product? 

A So essentially you would evaluate the 

requirement and refine the requirement into measurable 
sets . 

So the example I used previously is, the 
requirement may say to go build a word processor and 
that word processor, another requirement in a word 
processor may be to, we want to it support English and 
Arabic and Chinese . And so the requirement would then 
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be essentially decomposed into smaller chunks, 
measurable chunks . You can ' t measure a requirement 
that says build a word processor. 

You can ' t delineate between different word 
processing pieces of software that would deliver that 
capability . 

So the IPT would agree upon a set of 
measurable requirements and do trade analysis . 

Q What is trade analysis? 

A So trade analysis would be similar to 

releasing a request for proposals . 

Essentially the government is looking for 
this set of requirements to — a solution that would 
meet this set of requirements and they would do the 
technical evaluation and the cost evaluation against 
those requirements and then propose a solution back to 
the larger program and the systems engineering process 
that says, an example, I'm in the signals intelligence 
IPT . I would propose this solution to meet a certain 
requirement and the wider systems engineering community 
would accept that through a series of gates . 
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Q What happens after the solution is 

proposed? 

A So the solution would be proposed at a 

preliminary design review to the program manager and 
the product manager. They would either get a go or no 
go decision at that point on their approach and how 
they would address a solution. 

And they would then identify a solution and 
propose that back at a critical design review. 

And at the critical design review the 
program manager would make a decision about the 
baseline itself and whether or not under cost schedule 
and performance parameters we can execute the solution . 

Q What points of this process are you 

involved with? 

A So I'm involved in all parts of the process 

as an oversight function today. Through my career in 
D6 I've been, as I mentioned, an IPT lead, an IPT 
engineer and a lead systems engineer on a product . So 
I've seen how the process works from all points of view 
in terms of the process. 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



77 

But today that ' s where I sit . Most of my 
functions is engaging with the office of the Secretary 
of Defense who also acts as an oversight role as an 
ACAT 1 program so I act as their conduit into the 
program so they can better understand the objectives 
and where we ' re trying to go . 

Q What happens after the program manager 

makes a decision? 

A Essentially contracts are let and the 

solution is built . After it ' s integrated and built we 
go to what I call code and unit test and then 
development test. Where we would have Army test, an 
evaluate command come in and evaluates the solution 
that was built and then upon successful completion of 
development tests we would go into an operational test . 

Q What is an operational test? 

A An operational test is essentially an 

operational unit using the system, stressing the system 
and validating it that the system is effective, 
suitable and survivable. Does the system work. 

Q Let ' s talk about baselines . What is a 
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baseline? 

A So for us a baseline is essentially the 

hardware and software that we field and train to an 
Army unit for them to use whatever piece of portfolio 
that may be . So as we come out of that test , we 
provide that software or that hardware or both in those 
cases to the unit through a fielding process where we 
train them, they sign for the equipment and that 
baseline is then used as essentially their weapon 
system. 

Q What is of the purpose of the baseline? 

A So the purpose of the baseline is the 

process from requirements the operational test has, the 
Army has validated a risk profile, the function 
survivability essentially and the suitability. 

So does the system work, will it work for a 
long period of time and is it sustainable by Army 
metrics . 

So the Army process has val — I shouldn't 
say the Army process — the process has validated those 
things and so the baseline defines and defines a risk 
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profile for the Army with regard to will that baseline 
meet the war fighter's requirements and work for that 
war fighter . 

Q You just mentioned risk profile. What are 

some of the risks the process tries to prevent or 
mitigate? 

A So throughout the entire process, risk is, 

a lot of the program manager's job is managing risk. 
Essentially there ' s technical schedule and cost risk 
associated with building any solution for the Army. 

So managing that risk in all three of those 
facets is critical to how a program manager executes 
their job. So it's not just about technical 
performance it ' s about the cost and schedule associated 
in delivering that solution. 

Q What role does bandwidth play in 

determining the system setup? 

A So in terms of the system setup, is that 

what you asked? 

Q Yes. 

A So I think in terms of the system setup, I 
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would think that the system is designed to be set up or 
to initially be set up without bandwidth. To be a 
fully severable system — I shouldn ' t say that . 

Most of the portfolio, I guess all of the 
portfolio can be set up without any communications 
backbone. However, the communications backbone enables 
the analyst access to information that they essentially 
require for their job. 

So the system is enabled by the 
bandwidth that's provided but in order to set it up, 
it's not required. 

Q In the deployed environment, how many 

communities might be on the same bandwidth? 

A I don't know the answer to that question. 

Q What is the portfolio security? 

A So for us portfolio security is back to the 

systems that I mentioned. D6— A delivers a common 
ground station, an intelligence fusion server, multiple 
pieces of the portfolio. So we manage security as a 
portfolio. Can we connect to the network, is this 
survivable in terms of vulnerabilities, are we 
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resilient to vulnerabilities . 

So as the program manager, you're managing 
that profile, again that risk profile in terms of 
security in the solutions that you're building. 
Q Why is it important? 

A So for us, for a program manager delivering 

a software solution what ' s really important is that 
those soldiers have the capacity abilities that they 
need. In order to do that they have to be able to 
connect to the networks that they need. So for us it's 
critical that we meet the requirements of the networks 
that we connect to. 

D6— A connects to six different nest works 
by requirement . Along with the networks comes six 
different requirement sets for those networks . It ' s 
critical for us to maintain a positive security profile 
and I say positive in terms of meeting those 
requirements so that they can connect to the network 
and get to the information that they need and the 
systems can remain on the network . 

Q What does Cyber hard mean? 
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A Cyber hard is a relatively new term for 

something that we have had to do since the installation 
of D6— A, which is essentially back to the security 
point that we had mentioned before . We have to harden 
the systems in order to meet the requirements of the 
network . 

So that means the OS has to be hardened, 
has to go through the security checklists and it has to 
be replicated across 5,000 laptops, across 700 servers, 
so it's not something that, you know, we can expect 
every client users to go through. It needs to be out 
of the box that way every time so each user is not 
concerned about the security profile of their system. 
That comes inherent to the system that we ' re providing . 

Q Let's talk about Wget . What is Wget? 

A So Wget is — I have a cursory knowledge of 

Wget. Wget scrapes web sites, essentially uses FTP and 
pulls down that information and allows you to export it 
to multiple formats . 

Q What do you mean when you say it scrapes 

web sites? 
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A It essentially pulls the information off of 

the web server . 

Q How does Wget get through the authorization 

process? 

A To my knowledge, Wget has never been 

authorized on a D6— A system. 

MR. Von ELTEN: One moment, Your Honor. 
Nothing further . 

THE COURT: Cross-examination? 
CROSS-EXAMINATION BY MR. TOOMAN : 
Q Good afternoon, Mr. Kitz. 

A Sir, how are you? 

Q Well, thank you. 

Mr. Kitz, you spoke on direct about the 
process through which a program will get vetted to 
become part of the baseline? 
A Yes . 

Q You mentioned, you used the term a couple 

times ACAT 1 . What does that mean? 

A So it ' s a acquisition category. So 

essentially, I don't actually know who, if it's 
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Congress or Department of Defense who sets these 
categories but based upon the funding threshold for the 
four year program, specifically RDT and E, research and 
development funding determines how big your program is . 

Number one is the biggest . There are also 
2 and 3, 3 being relatively small. Off the top of my 
head I don't remember the threshold. It's different if 
you're an NDAP, Naval Development Acquisition Program. 
It's different. We're actually called a MAIS, Major 
Automated Informations System. You're an IT system, 
you ' re buying software and hardware for the DoD . 

Q So if you needed an ACAT 1 system, means 

that it's one of the biggest programs in the Army, 
correct? 

A It is . 

Q And with that comes a lot of oversight? 

A Roger, sir. 

Q Because there ' s a lot of money? 

A Yes, sir. 

Q Now, you talked about the process through 

which a software program will become part of the 
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baseline and it starts with the requirements document, 
correct? 

A Roger, sir. 

Q So when you get a requirements document, 

let's use an example, you might get a requirements 
document that says we need a word processor? 

A Yes, sir. 

Q So now we ' re going to try and find a word 

processor that fits our needs, right? 
A Correct . 

Q So the first thing that happens then is you 

come up with A spec and B specs? 
A Yes, sir. 

Q What's an A specs? 

A It ' s that functional decompensation of the 

requirement. So as you mentioned, word processor, so 
the CPD would say, the Army, the D6— A needs to have a 
word processor. You can't build a system based upon 
that . So you need things . 

So to give to a developer tasks to give to 
a developer to actually build a word processor, what 
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are the tasks or those measurable things . Like I 
mentioned, languages, back space, support for, you 
know, external development . Those types of things 
would be in an A spec and B spec. So when a tester 
went through it and said, does this meet the 
requirement , that ' s something measurable that that 
tester can say yes, it supports Chinese language, all 
characters, so on and so forth. 

Q Okay . So we ' re going to have sort of a big 

picture requirement of we need a word processor and 
then we ' re going to burrow down even further and say it 
needs to do English, Arabic? 

A Yes, sir. 

Q And needs to be able to save and I need to 



bold? 



A 



Exactly . 



Q 



Any number of requirements? 



A 



Exactly right . 



Q 



Okay . So then it ' s going to go into the 



sort of development phase . It ' 



s going to go to 



integrated product teams? 
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A Yes, sir. 

Q And those teams, what are they going to do 

with it? 

A So essentially IPT create the A specs and B 

specs and they understand the task and charter of what 
they have to build and then they will begin the process 
to identify material solutions that will meet those 
requirements . 

So a word processor in this example, all of 
those requirements would get to one team and that team 
would then begin the process of identifying a solution 
whether, that may be a solution the Army already has. 
It may be something that we need to contract out for a 
new development or it may be needs something that ' s 
commercially readily available and we can go to 
industry to get it . 

Q So the IPT may say we have got Microsoft 

Word, we have got open source or open office and 
they ' re going to look at all of those things and see 
which one fits? 

A That ' s right . They would measure against 
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the cost schedule and performance of that . So the best 
performing word processor may not be available to us 
because of a cost prohibit — or because it wouldn't be 
able to meet the schedule for all the features we need. 

Q And then the IPT are going to propose 

solutions. They're ultimately going to say, for 
example, let's go, well, Microsoft Word? 

A Correct . As an ACAT 1 program we have two 

gates we have to meet . PER, preliminary design review 
and critical design review. At the gates we would 
validate the design or proposed solution. 

Q So there are multiple IPTs, correct? So 

we ' re going to have IPT that are looking at the 
software requirement from a number of different angles, 
correct? 

A Yes, sir, yes. 

Q So then after each of those IPTs comes up 

with the recommendations, then we're going to another 
phase where someone sits down and looks at it all and 
tries to eliminate redundancy? 

A No, I wouldn't call it a separate phase. 
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There is a systems engineering IPT that conducts and 
orchestrates this. Again, it's quite a large program. 

So you ' re right . There ' s anywhere between 
12 and 16 IPTs at D6— A at any one time, depending upon 
the focus of how we ' re building the software . I would 
not call them discrete entities in the process. 
They ' re one sort of systems engineering IPT 
orchestrating the sub IPTs . 
Q Okay . 

A It ' s a constant sort of rolling feedback in 

terms of redundancy in terms of identifying solutions 
that would meet more than one IPT ' s requirement . 

Q So after the IPT it ' s then going to go to 

initial design review? 

A Yes, sir. 

Q And at initial design review there are 

going to be trade studies? 
A Yes, sir. 

Q So you ' re going to have industry members or 

other groups studying the market and they ' re going to 
give their input? 
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A No . It would still be the government 

that ' s studying the market . But that would be the 
point with which we would engage with industry to see 
what ' s available . 

Q So there you would reach out and see what ' s 

already available or see what it cost to create 
something new? 

A Right , right . 

Q And out of that, you're going to get a 

proposed design, correct? 
A Yes, sir. 

Q And then you're going to have, that's sort 

of the first stage. You're going to have go, no go, 
this is what we ' re going to do or — 

A Typically in my experience at initial 

design review ends with a lot of things to do. So, you 
know, you didn ' t quite meet the market and design . 
Here's all the things you've got to do before your 
final design phase . 

Q Once you hit that gate, once you get to go, 

at that phase, then you're going to go to operational 
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testing, correct? 

A We go through a development phase, 

essentially got to build after you finish designing. 
You ' ve got to finish building it and then you go to 
test phase . 

Q And then again you ' re going to have to get 

a go or no go at the testing phase? 
A Correct . 

Q And then once all of that stuff is done, 

we're going to have a baseline, a software program that 
is becoming part of the baseline or gets approved? 

A Defines the baseline, yes. 

Q And that's all, that's a lengthy process? 

A Yes, sir. 

Q And it ' s a lengthy process because this is 

a big program with a lot of oversight? 
A Sure . 

Q Now, updates to D6-A, the software 

baseline, those typically happen on a 18 to 24— month 
cycle? 

A Yes, sir. To the baseline itself, yes. 
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Q So it ' s possible for a user, a unit that 

may be deployed, to be operating on a system that is 
old? 

A Absolutely. 

Q So it ' s possible for, if a unit deploys 

December 10th and the new system comes out on 
January 10th, they're really working with a system 
that's 18 do 24 months old? 

A I think you would not find the case . Once 

a new software baseline has been defined, the theater 
usually is priority and most units in theater elect to 
upgrade the software once it ' s available . 

So you're right in that 18 to 24 months 
there's an older software baseline, once there's a new 
one available, you'll find, my experience is units want 
that new software and they would request it and get it . 

Q So it happens in the field? 

A Yes, sir. 

Q Now, there are other ways that software can 

be added in the field, correct? 
A Yes, sir. 
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Q One such way would be to put in, to go 

through this whole process. That would be one way, 
right ? 

A Yes, sir. 

Q And another way would be to ask for, 

basically ask for an update, correct, or ask for 
approval to put something on? 

A Yes, sir. You can — so once a baseline 

has been defined, we stand up a process called 
Engineering Change Review Board, ECRB. ECRB 
essentially manages that baseline. And the program 
manager does that for the first year that the baseline 
is defined and then we transition that to the 
communications electronics command, also located at 
Aberdeen Proving Ground. That manages the sustainment 
of that system. So they're funded to ensure that the 
baseline remains current, relevant and they manage that 
process for the engineering review. 

Q Now, it ' s possible that a unit may want to 

add something to their system and not want to go 
through any of those processes, correct? 
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A Absolutely. 

Q And that unit may decided we ' re just going 

to do it and not check with anyone? 

A I imagine that that ' s possible . However 

the unit is not authorized to change the baseline . 
That ' s not something that — there ' s no sort of process 
for that, if you will. 

Q Sure. The unit may say, I don't really 

want to go through this long testing process. I don't 
really, you know, we're deployed, we don't want to deal 
with these hoops . We just want to get the mission 
done . We ' re going to put it on there . 

A Yes, they may do that. I, I'm not certain 

how, what the process would be, but yes, they may do 
that . 

Q You spoke about Wget and you talked about 

Wget being a secure FTP program? 

A I'm not certain that it uses FTP. It's a 

different protocol from FTP. I only have a personal 
knowledge of Wget from these proceedings. But yes, I 
did speak of it . 
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Q There are a lot of programming out there 

that are safe that have never been approved part of the 
baseline? 

A That ' s true . 

Q And that's because they've not been tested? 

A Or they may not have a requirement to be on 

the baseline . 

Q Okay. Now, there is a secure FTP program, 

it's part of the baseline, isn't it? 

A Yes, sir. 

Q And that is a program called Save Move? 

A Yes, sir. 

Q That program essentially has the same 

abilities as Wget in that it can be used to go out and 
download entire web pages if you wanted? 

THE COURT : What ' s the name of the program? 
MR . TOOMAN : Save Move . 
A Save Move was designed to essentially pull 

files. So can it take web pages? Yes, it would have 
to access the web server and get to the files behind 
it . It ' s a little bit of a different design but 
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absolutely. It is a FTP to move files and it is loaded 
on the D6-A system. 

Q Now, you spoke about connectivity and you 

mentioned that the D6-A system is a system that does 
not have to be connected but in reality if it ' s not 
connected it's kind of worthless, right? 

A I wouldn't use that term because you still 

have all the commercial tools available to you that you 
would need to do your job . But if you ' re not 
connected, you know, obviously your data pool is very 
small comparatively. 

Q You need the connectivity to access 

information from various databases? 

A Yes, sir. 

Q And that ' s the information that you ' re 

going to use to create your work product? 
A Yes, sir. 

Q Now, Mr. Kitz, do you know whether or not 

soldiers today are allowed to work on their D6— A 
machine and by work on it, I mean modify it or tinker 
with it? 
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A They are not authorized. We have a recent 

program to allow soldiers that are authorized, but 
there ' s a very small number of soldiers today 
authorized admin., what I would term admin, rights to 
the system. 

Q So in the past, how it would work would be 

you would have a deployed unit and they would have a 
D6— A contractor that would be sort of embedded with the 
unit? 

A Yes, sir. 

Q And that individual would be the one who 

would work on the machines? 

A Yes, sir, field service engineer. 

Q And now today we have, in some cases, 

soldiers are able to do the same functions? 

A Only in one instance, yes, sir. 

Q Now, when a unit deploys and they come back 

to the states, D6-A, the machines get scrubs, don't 
they? 

A No, I don't — I'm not — ask your question 

again . I don ' t believe I quite understood it . 
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Q Sorry . I ' 11 rephrase . When a soldier 

redeploys and come back to the states, what happens to 
the D6— A machines? 

A Totally up to the unit . The program does 

nothing with the system. There's a program called 
reset, blows the dust out of it and make sure 
everything works and turns on . But from the programmer 
perspective, we don't touch the software in the system. 
The system remains the way it was when the unit comes 
back with it . 

Q And when a unit has their D6— A machines 

updated, that would be something that is done by a 
D6-A — 

A Yes, sir. 

Q And that person would look at what ' s on the 

D6-A machine that they're updating, correct? 

A No, I would not make that assumption 

because when the program goes out to update a baseline, 
they're providing a new baseline to that system. So 
essentially they are actually reloading the entire 
system and moving the data over. 
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So I ' m not certain that they would, I would 
use the term scrub the old system because I don ' t think 
that they necessarily are concerned about the specifics 
are what on that system. They're concerned about the 
data that was there and updating that system. And in a 
lot of cases, they would get a new physical system, 
depending upon how old the hardware was . 

Q If they got a new system, what would happen 

to the old system? 

A Actually the PM would take ownership of 

that system and they would have disposition 
instructions associated with it . 

Q Sir, are you aware of whether or not it's 

common for D6— A systems to have unauthorized software 
or unauthorized files on them? 

A I'm not in a position where I have direct 

knowledge of that but it is my understanding that it is 
relatively common, yes, sir. 

MR. TOOMAN: Nothing further. Thank you, 

Mr. Kitz. 

REDIRECT EXAMINATION BY MR. Von ELTEN : 
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Q Who uses Save Move? 

A The only people is the field service 

engineer. They are the only people that have access to 
that application. 

Q What side does Save Move operate on? 

A Entirely server side operation. So there's 

no Save Move loaded on a client . 

Q What side is a user on? 

A Just the client side . 

Q When is a user on the network side or 

system side? 

A The user does not have access to the system 

as a client user. Only an admin, right would have 
access to the operations on the server. 

Q What side does Wget operate on? 

A You can run it on the server or the client . 

Q What side does Wget operate on if it ' s used 

from an analyst laptop? 

A It would be the client . 

MR. Von ELTEN: Thank you. 

THE COURT: I just have a couple of 
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questions for you . 

EXAMINATION BY THE COURT: 
Q Is mIRC chat on the list of authorized 

programs? 

A It is not on the list of authorized 

programs, ma'am. There was a technical bulletin 
released to our field service engineers that outlined 
how to load it if a commander chose to load it . But it 
is not on the official baseline and that letter that 
went out the engineers essentially showed it because we 
understood that a lot of commanders wanted mIRC chat . 

So essentially that letter outlined that it 
is not part of the baseline and any cost associated 
with Microsoft Office as it is a licensed product as 
well, was the commander's risk and the commander of 
that unit had to procure it . 

Q So let ' s go back to the commander ' s 

authority again. If a commander is out in the field 
and wants to install mIRC chat for example, do they 
have to — you said you sent a letter because you have 
systems engineers that accompany the units that help 
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them with their D6— A computers? 
A Yes. 

Q So does the commander have to use that D6-A 

engineer to load the program? 

A Yes, ma'am. The engineer is the only 

person that has the admin, rights to the system. 

What I said, I should qualify that . We 
have a process, it's called a technical bulletin. So 
as, let's say a security update comes out for Oracle 
and Oracle is on the system. We release a technical 
bulletin. Here, field service engineer, this is how 
you would apply this security patch to Oracle. 

So we release the technical bulletin saying 
that we understand that commanders have been requesting 
this, it is not authorized, we, program manager, are 
not authorized to allow you to have it . 

However, we understand that the commander 
wants to take the risk. If the commander sends us a 
letter then we will allow it to be loaded. 

Q So on a D6— A computer, if a individual user 

wanted to load mIRC chat or Wget or any other type of 
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program and they tried to do it, would the computer 
itself stop the user from doing that, with the little 
box that says you don't have admin, rights? 
A Yes, ma'am. 

Q Would the same be true if the program was 

on a shared drive? 

A Yes, ma'am. Once it accessed essentially 

the registry, it should kick and say, you require a 
password to load any software on the system. 

Q So the software program is on a shared 

drive and the user reaches out on the shared drive and 
takes it back on the local drive that message should 
come up? 

A Yes, ma'am. Once they tried to install it. 

Q Could they put a shortcut from the shared 

drive on their system? 

A I don't believe so, no. The software has 

to run from somewhere . 

Q How about music games and that kind of 

thing, can those be updated from a user to a D6-A 
computer? 
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A (INAUDIBLE) . 

Q What ' s the difference between that and Wget 

(INAUDIBLE) ? 

A Say there ' s a music player already on the 

system. It really just uses the file system. 

An example with Wget can be you can 
download Wget or put Wget on the system, the file 
itself. Once you try to run it, you would be required 
admin, rights. 

THE COURT: Any follow-up questions based 

on mine? 

MR . Von ELTEN : No , ma ' am . 

MR . TOOMAN : Just a couple , ma ' am . 

RECROSS EXAMINATION BY MR. TOOMAN: 
Q You mentioned a memoranda that you sent out 

to commanders because you understood that they wanted 
to use mischaracterize chat. Does that recommendation 
or guidance identify a particular version? 

A Let me qualify your question. It wasn't 

sent to commanders . It was sent to field service 
engineers giving them guidance if the commander asks 
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you to install this . This is what ' s required of the 
commander and this is how you would do it . I do not 
know offhand, no . 

THE COURT: Before you continue, let me ask 
one more question. 

When was that technical bulletin issued? 

THE WITNESS: I believe it is in 2008, 

ma ' am. 

THE COURT: Thank you. 
BY MR. TOOMAN: 

Q And a commander had to approve the addition 

of the mIRC chat? 

A Yes, the commander specifically had to 

accept the risk . 

Q Mr. Kitz, would it be possible to add mIRC 

chat onto the desktop as an executable file? 

A Without admin, rights? 

Q Yes. 

A I don ' t believe so . 

Q What about Wget? 

A I don ' t believe so . 
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MR. TOOMAN: Thank you, Mr. Kitz. 
REDIRECT EXAMINATION BY MR. Von ELTEN: 

Q Mr. Kitz, how do you install Wget? 

A I've actually never installed it on my 

machine so I would not be able to necessarily answer 
that question. 

Q How do you install mIRC chat? 

A MIRC chat you have to download and it 

probably has an MSI file that allows, that has 
automated, you know, installation instructions and you 
click through next like you would most applications . 

Q How sure are you about mIRC chat? 

A How sure am I with regard to what? 

Q Its installation? 

A How sure am I about what about its 

installation? 

Q The process. 

THE COURT: I thought he just said he 
didn ' t know how to install it . 

Did I misunderstood your testimony? 
A No, he asked me mIRC chat. And mIRC chat I 
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have installed before. So I'm relatively confident 
that mIRC chat, you know, requires some sort of 
interaction with the user to install it . 

Q When you said MSCI — 

A MSI . 

Q What is an MSI? 

A An MSI is essentially a wrapper around an 

application that automates installation so whenever you 
download a file on the internet and you bring up, I 
want to double click and install it, it brings up a, 
you know, who are you and then next here ' s the service 
agreement between me and the user . Next is what are 
the configurations, you know. I need an IP address for 
the chat server Microsoft Office will connect to, then 
you click next, yes. And the MSI file is essentially 
the wrapper that allows the interface with the user to 
configure and install the application. 

MR. Von ELTEN: Thank you. 

THE COURT: Temporary or permanent excusal? 

MR. Von ELTEN: Temporarily. 

THE COURT: Mr. Kitz, you're temporarily 
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excused. Please don't discuss your testimony or 
knowledge about the case with anyone other than the 
lawyers or accused while the trial is going on. 

THE WITNESS: Sure. Thank you, ma'am. 

MR. FEIN: The United States offers to read 
a stipulation of expected testimony on the record. 

THE COURT: Proceed. 

MR. FEIN: This is Prosecution Exhibit 107. 
Stipulation of the expected testimony of Ms . Florinda 
White dated June 10, 2013. 

(Whereupon, Prosecution Exhibit 107, 
stipulated testimony of Florinda White, was read into 
the record.) 

THE PROSECUTION: The United States calls 
Captain Thomas Cherepko . 

MR. COOMBS: Could we a 10-minute break? 
(Brief recess taken.) 

THE COURT: Court is called to order. Let 
the record reflect all attorneys present when the court 
last recessed are again present in court . 

Before we proceed I have been advised that 
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we now have a new piece of equipment in the court room. 
Is that correct? 

MR. FEIN: Well, ma'am, it's been moved 
since then during recess, but yes. 

THE COURT: Why don't we just go ahead and 
put it on the witness stand and have someone sit in the 
witness chair to see if there are any issues . 

MR. FEIN: I'm placing a three— sided box to 
block the witness . 

THE COURT: Let the record reflect that the 
court security officer is in the witness chair and we 
are testing, it is a black covering that goes above 
where the witness chair ends basically up to the 
witness, a little lower than the witness' neck and that 
is to ensure that classified information is protected. 

SECURITY OFFICER: Test. 

THE COURT: It appears the classified 
information is protected. Any issues with the ability 
to observe the witness? 

MR. COOMBS: No, Your Honor. 

THE COURT: Any other issues with the new 
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piece of equipment? 

MR. FEIN: No, ma'am. 

THE COURT: We can go ahead and move it 
back then. Thank you. 

Are you ready to call your next witness? 

THE PROSECUTION: The United States calls 
Thomas Cherepko . 
WHEREUPON, 



called as a witness, having been first duly sworn to 
tell the truth, the whole truth, and nothing but the 
truth, was examined and testified as follows: 



THOMAS CHEREPKO, 



DIRECT EXAMINATION BY MR. WHYTE : 



Q 



You are Captain Tom Cherepko from 



Pittsburgh, 



Pennsylvania? 



A 



Yes, sir. 



Q 



Captain Cherepko, what is your current 



position? 



A 



CIS plans and operation officer for NATO 



Force Command Madrid. 



Q 



What is CIS? 
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A Communications and information systems . 

Q What are your responsibilities in this 

position? 

A I do planning for training exercises and 

real world operations . 

Q Captain Cherepko, what is your branch? 

A I am a functional area 53 basic branch 

engineer . 

Q And what training did you receive to become 

a 53 alpha? 

A I went through the 53 alpha course long 

known as the information system manager course . 
Q Where was it? 

A Ft. Worth, Georgia. 

Q How long was it? 

A Approximately nine months . 

Q Can you please describe to the court what 

this training consisted of? 

A The course is broken down into three 

phases, networking, enterprise systems with the 
Microsoft Academy and third phase is security, other 
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related topics . 

Q And what certificates did you receive 

during this time? 

A I received a CISSP, the Certified 

Information Systems Security Professional, security 
plus and the Windows Vista certification . 

Q What was your first assignment out of this 

court? 

A 2nd Brigade, 210th Mountain. 

Q When did you arrive at Ft . Drum? 

A October 1st, 2009. 

Q And what happened when you arrived? 

A When I arrived, after I didn't process, the 

brigade was in the process of deploying and within a 
few weeks of my arrival I deployed with the brigade . 

Q Where did you deploy to? 

A To FOB Hammer, Iraq. 

Q When did you arrive at FOB Hammer? 

A Middle of November, sometime after the 

relief in place with the 2nd Airborne . 

Q Did PFC Manning deploy to FOB Hammer as 
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well? 

A Yes, sir. 

Q What section were a signed to at FOB 

Hammer? 

A The S6 communication section. 

Q What was your position at FOB Hammer? 

A I was the brigade automations officer. 

Q What were your responsibilities in that 

position? 

A My responsibilities were the maintenance 

and managements of the brigade ' s network in the absence 
of the brigade signal officer, act as the brigade 
signal officer and information assurance manager. 

Q So you said you were responsible for the 

maintenance of the network? 

A Yes, sir. 

Q What classified networks were available at 

FOB Hammer? 

A We had SIPRNET. 

Q What was required for someone to get access 

to SIPRNET? 
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A In order to get access for SIPRNET they 

needed to have forms that were filled out that were 
signed by the first line supervisor stating that they 
had a need to have access to the network. The S2 
section was signed verifying the security clearance and 
then they would take the form to the help desk where 
the account was created, assuming that their IA 
training was complete . 

Q So this was for them in order to get an 

account? 

A Yes, sir. 

Q So what type of documents did they have to 

fill out in order to get — 

A They had to fill out the account request 

for and an acceptable use policy. 

Q And what type of training did they need to 

receive in order to get a SIPRNET other? 

A They needed to have the annual information 

assurance training complete. 

Q Was there exception to the IA training 

requirement ? 
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A No. 

Q Was there exception to the AUP policy? 

A No, sir. 

Q What is a AUP? 

A Acceptable use policy. It is a document 

that states what you are and are not permitted to do on 
the network that you are signing for. 

Q What regulations are covered under AUP? 

A AR25— 2 and a few others. 

Q Did PFC Manning have a SIPRNET other? 

A Yes, sir. 

Q How do you know that? 

A Because on the night he was defiled I 

deactivated his SIPR account . 

Q And did he need to sign an AUP to get a 

SIPRNET account? 

A Yes, sir, everyone was required to. 

Q Talk about the AUP . How many AUPs have you 

signed in the course of your career? 

A Approaching 50, sir. 

Q When you arrived at Ft . Drum did you have 
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to sign an AUP? 

A I did. 

Q When you arrived at FOB Hammer did you have 

to sign an AUP? 

A Yes, sir. 

Q Did all soldiers upon arrival at FOB Hammer 

have to sign an AUP? 

A All soldiers given accounts had to sign an 

AUP, yes, sir. 

Q And you said PFC Manning had an account? 

A Yes, sir. 

Q During the course of this investigation did 

you locate PFC Manning's AUP? 
A I did not, sir. 

Q Was this the only AUP that you could not 

find? 

A No, sir. We were unable to find mine as 

well . 

Q Are you familiar with the contents of an 

AUP? 

A I am, yes, sir. 
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Q And what guidance is available for what 

should be included in an AUP? 

A AR25-2 has a sample AUP that we would use 

to create an AUP . 

Q Are you familiar with the sample? 

A I am. Yes, sir. 

Q How so? 

A Upon redeployment I used the sample AUP to 

draft the new AUP for the brigade with some other AUPs 
as guidelines . 

Q When you deployed back? 

A When I redeployed from Iraq. 

Q When you arrived at FOB Hammer did you 

(INAUDIBLE) the AUP? 

A I did, sir. 

Q Can you explain how the sample AUP in the 

AR25— 2 compares to the actual AUP you signed at FOB 
Hammer? 

A They ' re similar sir . They may not look the 

same but the content is similar . 

Q So do you remember the AUP that you signed 
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at Hammer verbatim to the AUP in AR25-2? 



A 



Most likely not . 



Q 



Was the content of the AUP substantially 



similar to the content? 



A 



It would be similar . 



Q 



Would you be able to identify the sample 



AUP? 



A 



I would, sir. 



Q 



How would you be able to identify it? 



A 



The sample AUP has generic terms throughout 



that are meant to replace when you create your own 
using it as a boilerplate template. For example, one 
of them would be it doesn ' t have the name of the 
network but it has classified network name and then the 
acronym is CNN and I found at amusing that CNN is a 
classified network so yes . 

Q What other characterization about the 

document ? 

A It says that it ' s a sample AUP and it has 

several regulations, rules from AR25— 2 listed in it. 
Q Let the record reflect I'm retrieving 
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Prosecution Exhibit 94? 

A It also starts on page 61, if that matters. 

MR. COOMBS: Your Honor, the defense 
objects to use of Prosecution Exhibit 4 9 for 
identification. If I could, I believe trial counsel 
brought out most of the foundation. If I can voir dire 
in light of my objection for the matter of two or three 
questions to show this is not relevant . 

THE COURT: All right. Voir dire. 
VOIR DIRE EXAMINATION BY MR. COOMBS: 
Q You indicated that everyone signed an AUP 

before they were given SIPRNET access in Iraq, correct? 
A Yes, sir. 

Q Was this the AUP everyone signed? 

A That is a sample, sir, that is used as a 

baseline to build the AUP . 

Q So the answer would be no, this is not the 

AUP that everyone signed? 

A No, sir, this is not the actual AUP. It's 

only a sample used to create an actual AUP . 

Q And there is an actual AUP that had terms 
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that governed how an individual could use the SIPRNET? 



A Yes, sir. 

Q And everyone signed that? 

A Yes, sir. 

Q You said you couldn ' t locate PFC Manning ' s 

and you couldn't locate yours? 
A Correct, sir. 

Q But you could locate other people's? 

A Yes, sir. 

MR. COMBS: So we would object to the use 
of this sample AUP because this was not what was 
signed. The government should be able to produce the 



AUP that was signed by the soldiers from 210 Mountain 
in order to get on the SIPRNET. 

THE COURT: Captain Whyte, is there the 
actual AUP that was signed? 

MR. WHYTE: It couldn't be found. But the 
sample AUP contained substantially all the content from 
the AUP from his memory. 

THE COURT: So this is a best evidence 

objection . 
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MR. COOMBS: Yes, Your Honor, especially 
when you have three specifications that rise and fall 
on the (INAUDIBLE) so you've got specifications 2 and 3 
of charge 3 and then each of those obviously are 
(INAUDIBLE) violations and then you've got a 10— year 
offense, specification 11 of charge II, a 10-year 
offense . 

If the government is going to premise 
criminal liability based upon an AUP, they ought to be 
able to produce the AUP . I understand maybe they can ' t 
produce PFC Manning ' s . But we ' re talking about a whole 
brigade . Surely at least one AUP can be found from the 
brigade . 

THE COURT: Government, normally I would 
not, the government's allowed to try the case as you 
want to, but in this, the government doesn't intend to 
actually question about the actual document signed when 
you have it . 

MR. WHYTE: We intend to elicit testimony 
from the witness about what was included in that AUP to 
his memory, Your Honor, and the sample AUP will help 
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the witness testify to those things . 

THE COURT: So would the AUP from Ft. Drum, 

right? 

MR. FEIN: Can we have a moment, Your 

Honor? 

THE COURT: Yes. 

MR. WHYTE: Can I ask the witness a few 
questions, Your Honor. 

THE COURT: Yes. 

DIRECT EXAMINATION BY MR. WHYTE: 
Q Who maintained these AUPs at FOB Hammer? 

A The help desk. 

Q Originally what happened to these records 

when they were signed? 

A Yes, sir, they were collected from the 

individual and then they were stored in a folder in the 
help desk in the brigade headquarters . 

Q Originally what happened to these records 

once they were stored? 

A They were stored just on a shelf in the 

help desk area and they were — 
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Q Brief Your Honor with what happens to these 

documents throughout their deployment. 

A Yes, they remain just sitting in a folder. 

They're never really referenced again unless we need 
to . 

Q Are you familiar with what happens once 

you ' re redeployed? 

A Yes, sir. Usually they're destroyed. 

THE COURT: So there is no — now I'm 
completely confused. Is there or are there available 
documents from FOB Hammer, AUPs that were signed by 
somebody else or were not? 

MR. FEIN: Ma'am, if I may? 

BY MR. FEIN: 

Q Captain Cherepko, do any AUPs from FOB 

Hammer exist today? 

A Not that I know of today. 

Q Did they exist once you arrived back to Ft . 

Drum? 

A I don ' t recall any arriving back to Ft . 

Drum, sir. 
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Q Because to the best of your memory what 

happens to those AUPs that were in FOB Hammer in Iraq? 

A When the network was turned off, they were 

burned. 

MR. FEIN: Thank you. 

And there are no AUPs from Ft . Drum, excuse 
me, from FOB Hammer when the unit redeployed because 
they were destroyed which is why the United States is 
offering to the best of his memory to be able to use a 
sample AUP and to be able to draw, to aid him in his 
memory what was on the AUP when it existed. 

THE COURT: Do you want to voir dire the 
witness further? 

MR. COOMBS: Yes, Your Honor. 
VOIR DIRE EXAMINATION BY MR. COOMBS: 
Q Captain Cherepko, you said you eliminated 

my client's ability to get on SIPRNET at some point? 
A Yes, sir. 

Q When was that? 

A The night that he was detained. 

Q So roughly towards the end of May 2010? 
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A I don't recall the exact date but yes, sir. 

Q Prior to your redeployment? 

A Yes, sir. 

Q And at that point AUPs still existed, 
right? 

A Yes, sir. 

Q But you hadn ' t redeployed? 

A Correct . 

Q So if the AUP wasn't secured at that point, 
that was, that was because no one I guess asked for it? 

A Or it didn't exist, yes, sir. 

Q But somebody did come around looking for it 
from you, correct? 

A Yes, sir. 

Q And they asked if you could produce it? 

A Yes, sir. 

Q And you said I can't find PFC Manning's? 

A Correct . 

Q But I can't even find mine? 

A Correct . 

Q But you had evidence at that point? 
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A In FOB Hammer, yes. 

Q But no one asked for that dope? 

A Not that I recall, no, sir. 

Q And the government is attempting now to use 

AR25— 2 — I'd like to have this marked as Defense 
Exhibit Alpha for identification. 

You said you used AR25-2 to create your own 
AUP at some point? 

A Upon redeployment, yes, sir. 

Q And when you used your own, you added in 

your own terms and whatnot? 

A I did, sir. I used the sample from AR25— 2, 

the divisions and the installations and I made sure 
that mine met the requirements of AR25— 2 and was nested 
with the divisions and the installations . 

Q So was yours quite a bit longer than the 

sample one in AR25— 2? 

A Yes, sir. 

Q Was it worded verbatim to the one in 

AR25-2? 

A No, sir. There were sections that were 
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verbatim, but the complete document was not verbatim. 
Because there are sections in the sample that you have 
to modify to suit your unit and your local policies and 
regulations . 

Q I'm going to show you Defense Exhibit Alpha 

for identification and see if you recognize it. 

MR. FEIN: Ma'am, is this a voir dire? 

THE COURT : I'm allowing it to see what 
we ' re going to use . 

Go ahead . 

Q Showing you what ' s been marked as Defense 

Exhibit Alpha for identification. Can you tell me what 
it is? 

A That is the Ft . Drum installation AUP . 

Q What year and month is that AUP? 

A February 2010. 

Q So that would have been after your 

deployment ? 

A It would have been in the middle of the 

deployment, yes, sir. 

Q As far as this one is for Ft . Drum, 
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correct? 

A This is for the installation, yes, sir. 

Q That wouldn't be the one that you would use 

down (INAUDIBLE) would it? 
A No, sir. 

Q How many pages is that AUP? 

A Seven, sir. 

MR. COMBS: Retrieving Exhibit Alpha for 
identification from the witness . 

Your Honor, what the defense would ask the 
court to do is look at Defense Exhibit Alpha for 
identification and the version that the government 
wants to use from 25—2 and you will see that there's 
quite a bit of difference between the two versions, 
this is what Ft . Drum used for AUP when they came back . 

So if the government is going to premise 
three specifications on a violation on 25—2 and one 
(INAUDIBLE) , violating the AUP for the 1030 offense, 
the terms matter. It can't be closed. 

I'm handing Defense Exhibit Alpha to the 
court and I request that the court compare that with 
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Prosecution Exhibit 94 for identification. 

THE COURT : I ' ve looked at both of them, 
Mr. Coombs. That's what they have cross— examination 
for. You'll be free to question the witness about the 
Ft . Drum AUP . 

I ' m going to let the government go ahead 
and use Prosecution Exhibit 94 for identification . I 
understand your objection. 

MR. COOMBS: Ma'am, for clarification, it's 
being used for illustrative purposes only. It's not 
being used as the AUP signed by my client . 

THE COURT: Yes. I believe that's the 
government's position. Right? That's not the AUP 
signed — 

MR. WHYTE: That's correct, sir. 
DIRECT EXAMINATION BY MR. WHYTE: 
Q Handing the witness Prosecution Exhibit 94 

for ID. 

Captain Cherepko, please look at that 
document and let me know when you're finished. 
(Witness reading.) 
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A Yes, sir. 

Q Are you familiar with this document? 

A I am, sir. 

Q What is that document? 

A That is the sample acceptable use policy in 

the back AR25-2. 

Q And how do you know that? 

A Because it starts on page 61 of AR-25. It 

labels itself as the sample of acceptable use policy 
and in the contents of it it uses the terms that are 
being replaced with your specific unit information such 
as classified network name, insert unit name here. 
That sort of information . 

Q Again, can you please explain to the court 

how this sample, to the best of your memory, compares 
with the actual AUP that you signed at FOB Hammer? 

A It's similar. It may not look identical, 

but the content is similar . 

MR. WHYTE: Your Honor, we offer 
Prosecution Exhibit 94 as the next Prosecution exhibit . 

MR. COOMBS: Your Honor, the defense would 
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not and in this instance, I don't know if the witness 
actually read the amount of time, this seems to be 
similar meaning it looks like an AUP and there might be 
some similar terms, but to offer this into actual 
evidence in this case it has no relevance to this case 
here because it ' s not what my client signed for one . 

Second, even though the witness does have 
personal knowledge of the AUP that was signed in this 
instance all it's saying it's similar, most of the time 
it might go to weight instead of admissible. 

But in this instance because of the fact 
that the terms actually matter, what is relevant is the 
actual terms of AUP. So we would argue under 403 this 
is also prejudicial and it is confusion of the actual 
issues, that is what are the terms that PFC Manning had 
to abide by while he was deployed. 

THE COURT: Government? 

MR. WHYTE: Well, Your Honor, actually the 
Defense ' s exhibit as well was not a record that PFC 
Manning actually saw himself . It was a document 
produced or created during the deployment and signed 
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that document when he redeployed back at Drum which the 
accused did not do. So that is not a document that PFC 
Manning actually saw. 

What we ' re asking Captain Cherepko to do is 
based on this sample to testify as to what that AUP 
that he signed at FOB Hammer consisted of . 

THE COURT : Here ' s what I ' m going to do 
with that. With the foundation you laid so far, I'm 
going to sustain the defense objection. If you want to 
go through the document paragraph by paragraph and talk 
about the witness, since he's coming from memory what 
he remembers the actual AUP said, I ' 11 listen . 

MR. WHYTE: Just to clarify, Your Honor, we 
can talk to the witness about what was included in the 
FOB Hammer? 

THE COURT: Yes. 

MR. WHYTE: But not through reference of 
Prosecution Exhibit 4 9 for ID. 

THE COURT: You can use Prosecution Exhibit 
94 for identification to go through the witness, this 
is what the sample says, paragraph one. Was yours any 
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different. It the same. Was it — 

MR. FEIN: May we have a brief moment? 
THE COURT: Yes. 

MR. WHYTE: Your Honor, we offer 
Prosecution Exhibit 94 for ID as Prosecution Exhibit 
94. 

MR. COOMBS: Same objection. 
THE COURT : After you ' ve gone through the 
paragraphs we ' 11 address that . 

May we have a short recess? 

THE COURT: Yes, how long would you like? 

MR. FEIN: Two minutes. 

THE COURT: Captain Cherepko, please don't 
discuss your knowledge of the case with anyone during 
recess . 

(Brief recess.) 

THE COURT: Court is called to order. 
Record reflect all parties present when the court last 
recessed are again present in court . 

Captain Whyte, witness is on the witness 

chair . 
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MR. WHYTE: Permission to publish the 

exhibit . 

THE COURT: Proceed. 

MR. WHYTE: I'm retrieving Prosecution 
Exhibit 94 for ID from the court reporter . 
BY MR. WHYTE: 

Q Captain Cherepko, earlier you said that the 

FOB Hammer AUP was nested from the sample AUP in 
AR25-2. What do you mean by that? 

A The one that I created after redeployment I 

used AR25-2 sample as the baseline and I took my higher 
head words and installations and make sure any local 
policies that were in place were covered under my AUP . 

MR. COOMBS: Your Honor, I object to 
relevance of anything after the redeployment . 

THE COURT : I believe the government ' s 
question was the AUP, the AUPs that you used for Hammer 
that you no longer, FOB Hammer, that you no longer 
have . 

THE WITNESS: Yes, ma'am. I didn't draft 
that AUP . It was in place when I arrived at the FOB . 
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The only AUP that you crated was after redeployment . 

THE COURT: Maybe you can target your 
questions a little bit better. 
BY MR. WHYTE: 

Q Can you explain again how the sample AUP in 

25-2 compared to the actual AUP that you signed at FOB 
Hammer to the best of your memory? 

A To the best of my memory the content was 

very similar. The sample until 25—2 covers what needs 
to be in an acceptable use policy and to the best of my 
memory the content and the subject matter is very 
similar . 

Q Captain Cherepko, can you please just read 

to yourself paragraph number one of Prosecution Exhibit 
94 for ID. 

(Witness reading.) 
A Yes, sir. 

Q So to the best of your memory, how did the 

AUP that you signed at FOB Hammer compare to this 
paragraph in the sample AUP? 

A It may not have been verbatim, but it was 
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the same intent . 

Q What was that intent? 

A You ' re signing that you understand that the 

2nd Brigade 10th Mountain SIPRNET or NIPRNET is, it's 
your responsibility to follow the rules and not make 
any unauthorized modifications, changes or do anything 
to circumvent security . 

Q Captain Cherepko, can you please read to 

yourself paragraph 6. 

(Witness reading.) 

Q To the best of your memory, how did the AUP 

that you signed at FOB Hammer compare to this sample 
AUP in 25-2? 

A Again, I can't recall verbatim what it 

said, but the restriction on introducing software to 
the network or to a system is prohibited, was 
prohibited. 

Q Are you familiar with what an executable 

file is? 

A Yes, sir. 

Q What is an executable file? 
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A An executable file is a piece of software 

that is able to be run without administrative 
privileges. It wasn't required being installed, it 
doesn ' t require any modifications of the operating 
system and it can be run from a CD, a flash drive, from 
a shared drive from a network location, from the 
desktop. There's no, there's no requirement to install 
an executable file . 

Q When PFC Manning was at FOB Hammer, were 

you familiar with what Wget was? 

A When he was at FOB Hammer, no, sir. 

Q But you ' re familiar with it today? 

A Yes, sir. 

Q What is Wget? 

A It ' s an executable file that ' s used to 

scrape sites or sources and retrieve any data that ' s 
set in the parameters of the program to retrieve, 
whether it ' s all or a specific type or what have you . 

Q And to the best of your knowledge at FOB 

Hammer was Wget an authorized executable file? 

A It was not, no, sir. 
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Q Are you familiar with the certificate of 

net worthiness? 

A I am, sir. 

Q What is the certificate of net worthiness? 

A The certificate of net worthiness is an 

organization for a piece of software to be used on Army 
network . 

Q When you were on the FOB Hammer was Wget on 

this certificate of net worthiness? 
A No, sir. 

Q What does that mean? 

A It was not authorized. 

Q Captain Cherepko, if you could please read 

subparagraph O. 

(Witness reading.) 
A Yes, sir. 

Q To the best of your knowledge, how did the 

AUP that you signed at FOB Hammer compare to 
subparagraph O of the sample AUP? 

A It would be very similar . That is a 

required statement, not only on AUPs but every time you 
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log in the machine, that statement or one very similar 
to it is displayed. 

MR. WHYTE: Let the record reflect I'm 
returning to the clerk Prosecution Exhibit 94 for ID . 
BY MR. WHYTE: 

Q Captain Cherepko, are you familiar with the 

T-drive at FOB Hammer? 

A I am. 

Q What was the T-drive? 

A The T— drive was a shared drive on the 

network that users had access to to store files on. 

Q And when you arrived at FOB Hammer, what 

was the status of the T-drive? 

A It was in place and operational . 

Q And what network was it on? 

A It was on SIPR. 

Q What restrictions were placed on the 

T-drive for access? 

A If you were not a member of the 2nd Brigade 

10th Mountain domain, you did not have access to the 
shared drive. And if you were a member of the domain, 
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there were very few restrictions on where you could 
view, edit or remove files . 

Q So what prevented a user from moving 

information on the T— drive? 

A Nothing, sir. The intent of the T— drive is 

to place information there, retrieve information so 
that you don't fill up the local storage on your 
computer . 

Q And what prevented the users from removing 

something from the T— drive? 
A Nothing, sir. 

Q Let ' s talk about the administrative rights 

with the network. Who is an administrator? 

A An administrator is a person with elevated 

privileges that allows him or her to make modifications 
to software or hardware . 

Q So what is, just explain again, what does 

it mean to have administrative rights? 

A It means you have the ability to install 

hardware, make changes to the operating system or 
install software . 
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Q So what can a user not do without being the 

administrator? 

A They cannot install hardware and they 

cannot install software . They cannot make 
modifications or changes to the operating system. 

Q What were the administrators of the share 

drive? 

A The administrators of the shared drive were 

my soldiers and assistant administrators who worked for 
me . 

Q Did PFC Manning have administrative 

privileges? 

A No. 

Q Was PFC Manning authorized to install 

software? 

A No, sir. 

Q What happens if someone wanted to install 

software onto their government computer? 

A They would request a piece of software that 

they did not have through the help desk and then the 
help desk would check, if it was an authorized piece of 
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software that we had a license for and readily 
available, they will install it. If it was not either 
available or we did not have a license or it was not 
authorized, then the help desk would come see me. 
Q What would you do? 

A I would then research the availability of 

obtaining the software . 

Q Would you check to see if an approved 

program? 

A I would, yes, sir. 

Q At FOB Hammer to the best of your memory, 

did PFC Manning ever ask you to install a program onto 
his computer? 

A No, sir. 

Q You testified earlier that you are familiar 

with Wget . Can you just one last time explain the 
installation process for Wget? 

A There is no installation process. If you 

have it on a CD or thumb drive or on your desktop you 
can simply run it . There ' s no administrative rights 
required. 
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Q You said Wget was an executable file? 

A Yes. 

Q So how does using an executable file like 

Wget allow a user to circumvent the need to actually 
come see the S6? 

A There ' s no administrator required to 

install it . You simply run it from a disk or desktop . 

Q So who was capable of putting a program 

like Wget, an executable file, onto their computer? 

A Anyone . 

Q Was PFC Manning authorized to put Wget onto 

his computer? 

A No, sir. No one was. 

Q What Army regulation prohibits soldiers 

from using unauthorized executable files? 
A AR25-2. 

Q And what document do soldiers sign that 

prohibits them from using unauthorized executable 
files? 

A An acceptable use policy. 

Q What type of software is Wget? 
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A I believe it ' s freeware . 

Q And what is freeware? 

A Freeware is software that you can download 

from the internet or whatever source you obtain it from 
and you do not have to pay for it . 

Q Is freeware authorized? 

A It is not. It is specifically prohibited. 

Q Under what? 

A AR25-2. 

MR . WHYTE : One moment , Your Honor . 
BY MR. WHYTE: 

Q So you testified earlier that you were the 

administrator. You were one of the administrators? 

A I was; yes, sir. 

Q What were you the administrator of? 

A I was the manager of all of the 

administrators and by necessity I was also the senior 
administrator for the brigade. Any problems that the 
help desk soldiers or any of my technicians couldn't 
solve, they would bring to me for the network, LAN, 
WAN, enterprise services, local desktop computers, VTC 
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suites, battlefield command systems, any of the command 
control systems . 



Q Are you familiar with D6 machines? 

A Slightly familiar, yes, sir. 

Q Did you have D6 machines at — 

A I believe we did, yes, sir. 

Q Were you the administrator of the D6? 

A I was not . 

Q Who was the administrator? 

A I'm not sure . 

MR. WHYTE : No more questions, Your Honor. 

CROSS-EXAMINATION BY MR. COOMBS: 
Q Captain Cherepko, just for a moment to talk 



about the AUP that you were shown . You talk about 
something being, I think it might be similar, am I 
correct that you read this once when you got to FOB 
Hammer and signed it? 



A The 2nd brigade AUP? 

Q Right . 

A Yes, sir. 

Q And after that you weren ' t reading it on a 
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daily basis, were you? 

A No, sir, not on a daily basis. 

Q Were you in charge of briefing other people 

on the AUP and having them sign it and supervise them 
signing it? 

A No, sir. I delegated that to my help desk 

NCIC. 

Q So you weren ' t even reviewing the AUP on a 

daily basis? 

A No, sir. 

Q So when you talked about it looked similar, 

you're basing that on a memory of seeing the document, 
the one that was signed by you when you deployed in 
2009, right? 

A Yes, sir. 

Q And now in 2013, that's where you're 

testifying based upon that memory, back in 2009; is 
that right? 

A Yes, sir. 

Q And when you say I think that's, you know, 

similar or I believe that was in there, do you know 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



147 

that or are you making basically an educated guess 
based upon what you would think would be in there? 

A I'm making a logical assumption that when 

you create an AUP the best business practice is to take 
the example that the Army gives you and says this is 
the standard and you use that, along with local 
policies and you create your document and every AUP 
I've ever seen has very similar content. 

Q Okay. I showed you Defense Exhibit Alpha 

for identification and you agree with me that is much 
more substantial than what is, what was shown for, to 
you from 25-2, correct? 

A Yes, sir. But the actual content and 

quantity of content will vary from location to location 
and within a local installation because most of that is 
local policies that is added by the command creating 
the AUP. 

Q All right. Now, even within the AUP, the 

one term that the government had you look at with, you 
know, I will not add malicious code or whatnot, had a 
phrase in there without authorization, correct? 
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A I believe so, sir. I don't recall what it 

said but yes . 

Q You don ' t recall something you just read a 

few minutes ago? 

A Yes, sir. 

Q Okay. So do you need me to refresh your 

memory on something you read a few minutes ago? 
A No , I'm fine . We ' re good . 

Q So, again, did it say without authorization 

in it? 

A On the sample AUP, sir? 

Q Correct . 

A I would, if you could refresh me that would 

be great . 

Q I'll be glad to. 

Can I retrieve — 

THE COURT: Are you referring to 
Prosecution Exhibit 94 or Defense Exhibit Alpha? 
Q Prosecution Exhibit 94 ma'am. 

This is something that the government went 
over with you a few minutes ago and they asked you to 
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read it to yourself? 

A Yes, sir, I see it. 

Q And you read that and they asked you, you 

know, is this the one that you signed. You said I 
believe so . 

So now just refreshing your memory, do you 
see without authorization? 

A I do. Yes, sir. 

Q So that would mean that if you obtain 

authorization you could do it, I imagine? 

A Yes, sir. 

MR. COOMBS: Returning Prosecution Exhibit 
94 to the court reporter. 
BY MR. COOMBS: 

Q Now, you said you were the brigade's 

automation officer for the 2nd BCT? 

A Yes, sir. 

Q Your primary duty as I understood it was to 

manage, maintain and secure the brigade's digital 
communications; is that right? 

A Yes, sir. 
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Q And as the brigade automations officer, you 

were also the information assurance manager for the 
brigade, the I AM? 

A Yes, sir. 

Q You were appointed to this duty on orders? 

A I was, sir. 

Q And as the IM you were the person in charge 

of ensuring information assurance practices were being 
followed by the brigade? 

A Yes, sir. 

Q You were in charge of ensuring any required 

training on information assurance was being done by the 
brigade? 

A Yes, sir. 

Q Other than the online IA security training 

that everyone does, did you do any additional training 
while deployed on IA, information assurance? 

A Posted flyers and bulletin, and on bulletin 

boards and little reminders, you know, don't use thumb 
drives, security is your responsibility and little 
reminders around the brigade headquarters, but no 
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formal training, no, sir. 

Q And that applied to the brigade as a whole, 

correct? 

A Yes, sir. 

Q Now, I want to ask you a little bit about 

the shared drive . That ' s the T— drive , am I right ? 
A Yes, sir. 

Q The T— drive was authorized to store up to 

secret information? 

A Correct, sir. 

Q And users were permitted to basically save 

information on the T— drive if they wanted to? 

A Yes, sir, it was available for any user on 

the domain to share or store information . 

Q And obviously a user might do this if they 

wanted to have something on the shared drive and if it 
was lost by, because their computer crashed, they would 
be able to go to the shared drive; is that right? 

A That is one use of it, yes, sir. 

Q And there was no limitation on the amount 

of classified information that you placed onto the 
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T— drive; is that right? 

A The only limitation would be the physical 

storage limits of the device itself. It didn't place 
any limits on individuals . 

Q Was there any limitation on the type of 

classified information that you stored on the T— drive? 

A Yes, sir. You could only store up to 

secret . 

Q If it were secret, you could store it on 

the T-drive? 

A Yes, sir. 

Q As the brigade IM, was there any limitation 

on saving classified information onto CD if you wanted 
to? 

A At the time, no, sir. 

Q I imagine if you did it, you put it on a CD 

you would have to appropriately label it? 
A Yes, sir. 

Q And other than that, once you did that you 

could do that with authorization? 
A Yes, sir. 
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Q Now, as the IAM, information assurance 
manager, you saw a little unauthorized media on the 
T-drive? 

A Correct . 

Q You saw this media basically on a regular 
basis? 

A Yes, sir. 

Q And the unauthorized media included music? 

A Yes, sir. 

Q It included movies? 

A And games, yes, sir. 

Q And games? 

A Yes, sir. 

Q And the games were executable files, 
correct? 

A They are, sir. 

Q Did you see other executable files besides 
games? 

A Not that I recall, no. 

Q Do you recall seeing mIRC chat on the 
T-drive? 
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A Yes, sir. 

Q Is that an executable file? 

A No, sir, it requires installation. 

Q So from your memory, mIRC chat on the 

T— drive was not an executable file? 
A No, sir. 

Q Okay. Now executable file, let's talk 

about that for a moment . They ' re programs that can run 
without actually adding them to the computer . Am I 
correct? 

A Correct . 

Q If you took a executable file and you put 

it on the desktop of your computer and you double 
clicked, it would run? 

A Yes, sir. 

Q And you wouldn't need admin, rights for 

that? 

A No, sir. 

Q And the prosecutor said that some way you 

could circumvent admin, rights, but with executable 
files you're not circumventing admin, rights, correct? 
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A No, the file is designed that you don't 

install it . There ' s nothing that shows that you need 
administrative rights to run it or operate it . It just 
executes its commands . 

Q And if you didn't want to put on it your 

desktop, you could run an executable file from a CD as 
well, couldn't you? 

A You could run it from a CD, a flash drive, 

from the T— drive, anywhere you could get access to it. 

Q And Wget, I know you said you became 

familiar with that program as part of this case? 

A Yes, sir. 

Q But Wget is an executable file, right? 

A Yes, sir. 

Q And if, if a soldier wanted to run Wget 

from a CD, they didn't need admin, rights for that? 
A No, sir. 

Q If they wanted to run it from the desktop 

of their computer, they didn't need admin, rights for 
that? 

A No, sir. 
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Q Now, from your position as the IAM, was 

there any kind of S6 Captain Cherepko authorized 
movies, executable files, games, folder on the T-drive? 

A No, sir. 

Q So the Colonel, Colonel Miller, he was your 

brigade commander? 
A Yes. 

Q Did Colonel Miller say here ' s the NWR 

folder Captain Cherepko approved of, it has music, 
movies and games and mIRC chat that we have approved it 
and, you know, go through and use it? 

A No, sir. 

Q So that was never done? 

A No, sir. 

Q As the brigade IAM, I imagine you would 

know this but did Colonel Miller ever come to you and 
say I want to authorize mIRC chat on my D6— A computers? 

A No, sir. 

Q Did he ever say, hey, we need to put 

together a letter that says, I know mIRC chat is not 
part of the baseline program for D6— A, but I want to 
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take on the responsibility of getting it on my D6— A 
computers because it's mission essential? 

A Sir, I was not involved with D6— A 

configurations or management at all so if that were the 
case, I would have not been able to comply with his 
request. But no, he did not, never asked me for that. 

Q And being a staff officer myself at 

different times, I imagine if the brigade commander 
wanted to do something, he would first go to you, his 
staff officer, who is basically in charge of that type 
of stuff to talk to you about it? 

A Most likely he would have gone to my 

supervisor first, sir. 

Q That would be Major Morrow? 

A Yes, sir. 

Q And I imagine that that would be batted 

around with you then at some point? 
A Yes. 

Q Do you recall at any point Colonel Miller 

talking about adding mIRC chat to D6— A computers? 
A No, sir. 
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Q Now, whenever you saw music, movies and 

executable files on the T— drive, you would remove it, 
correct? 

A I would; yes, sir. 

Q And everyone, even though you deleted these 

files, they would come back into the T— Drive? 
A Yes, sir. 

Q So users would add it back onto the 

T-Drive? 

A Yes, sir. 

Q And I'm correct then this was not something 

that was leftover from the previous brigade 3A2? 
A I may have been. 

Q When it was deleted and put back on 

obviously 3A2 wouldn ' t put it back on? 

A No, but it still may have been remnants 

from 3A2 if it was a local machine and they were copied 
from a local machine or if they were copying it to a CD 
and moving it back ; but no , 3A2 did not . 

Q When it got back into the T— drive, that was 

from somebody in your brigade? 
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A You could make that assumption; yes, sir. 

Q Would you make that assumption? 

A I would, sir. 

Q Now, you alerted your command to the 

presence of unauthorized media on the T— drive? 
A I did. 

Q You notified your immediate supervisor, 

Major Morrow? 

A Yes, sir. 

Q You also notified Lieutenant Kearns? 

A Through Major Morrow. 

Q You told them about the presence of 

unauthorized media on the T— drive? 
A I did. 

Q You told them about the practice of placing 

the unauthorized media on the T— drive and it needed to 
stop? 

A I did. And I also explained the reasons 

why . 

Q That was because you viewed it as an 

information assurance threat? 
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A Yes, sir. 

Q And to your knowledge, nothing was done by 

the chain of command to act upon what you said? 

A The command agreed that the practice needed 

to stop . 

Q But nothing was done? 

A I don ' t know that they did or did not take 

any actions on it . I just know that the practice 
didn ' t stop . 

Q You know what? 

A That the practice of putting information on 

there didn ' t stop . 

Q And in fact it didn ' t stop until you 

unplugged the network to redeploy? 

A That would be about the time; yes, sir. 

Q To your knowledge, was there ever anyone 

punished for placing unauthorized media on the T— drive? 

A Not that I know of, sir. 

Q If a member of the brigade came to you and 

said Captain Cherepko, I've got a mission essential 
program that I need to install on my computer, what 
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would be the process for you to get that done? 

A It depends on the software and whether I 

have it, it's authorized, and I have a license allowing 
me to legally use it, if I have approval, the software 
and a license, then I would just install it. 

If I did not have one of those things, I 
would then investigate the process of obtaining one of 
those three, the missing piece of the puzzle. 

Q And have you ever had a situation where you 

had to go through that approval process of trying to 
find the — 

A Yes, sir. 

Q — approval? 

A Oh, approval? 

Q Correct. Something that you didn't already 

have approval for? 

A No, sir; only I didn't have a license so I 

had to purchase it . 

Q And do you even know the process of how 

that would happen if you didn ' t have a license for it 
and there was not approval for it? 
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A If I didn't have a license, I would simply 

go to the S4 and begin the process to purchase one. If 
I didn't have approval, I would call up the G6 division 
and begin the process required to obtain approval to 
use the software . 

Q I don ' t want to go through the whole 

process, is that a long process? 

A It's not short; yes, sir. 

Q Have you ever successfully gone through the 

process where you went through the G6? 
A I have not . 

Q Have you ever heard of anyone going through 

the process to get approval through the G6? 

A Not personally. I can assume that it has 

happened because there are hundreds of programs that 
are approved. I don't know of anyone who has actually 
done it . 

Q Okay. Now, with regards to the IAM 

program, I think we understand that only an administer 
can actually add the program, right? 

A Yes. 
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Q But with a executable file, were you aware 

whether or not soldiers were adding executable files to 
the desktop of their computer? 

A I was not . Other than games that I was 

find on the T— drive, no, I was not aware of any other 
executable files . 

Q When you say games, games would function 

much like Wget or any other executable file that once 
you click on it, it actually starts to run? 

A Not all , but most . 

Q So some games would function the same way 

as Wget would? 

A Some would. 

Q Were you aware of whether or not anyone in 

the unit, soldiers in the unit, believed that they 
could add games, music, executable files, like, they 
were given approval to do that? 

A No, sir. Everyone signed the document that 

said they would not add software or change the 
baseline . And beyond that , no one that I know ever 
told them that they were and none of the officers or 
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NCOs that I knew personally thought that it was 
acceptable . 

Q But am I correct in saying it wasn ' t very 

hard for you to search the T— drive and find executable 
files, find music and movies? 

A No, sir; it was not. 

Q Pretty much any day you wanted to, you 

could go look and you would find it? 
A More or less; yes, sir. 

Q And even though that was the case, to your 

knowledge that stuff never came off of the T— drive, the 
music, movies and games, it never came off the T— drive 
until you basically unplugged? 

A No, sir. It would disappear for short 

periods of time after I found it and deleted it and 
then it would reappear hours, days, week, months later. 
But for a brief period of time, it was free of all 
unauthorized media. 

Q So every kind of soldier and NCO you knew 

understood that it was not appropriate, correct? 

A Correct . 
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Q Did you ever get to the bottom of who was 

adding all this stuff under the T— drive? 

A Whenever I was able to identify a soldier 

who was doing, adding the media, I would go to that 
soldier, explain the reasons why it's a bad idea. I 
would explain to their first line supervisor why it was 
a bad idea and then I would leave it up to their chain 
of command to pursue the, whatever they wanted to do to 
the soldier . 

Q To your knowledge, was anything ever done 

by the chain of command? 

A Not that I know of . 

Q Let ' s talk about access controls on the 

shared drive . Do you know why none of the files on the 
T— drive were encrypted? 

A It was a secure network . There was no need 

to encrypt the files . 

Q So any file on the T— drive, video or 

otherwise, would be unencrypted? 

A Yes, sir. Unless the user opted to encrypt 

the file for some reason . 
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Q Do you know why none of the information on 

the T— drive was compartmentalized? 

A It was, it was compartmentalized into 

folders, but there was no restrictions on who could 
access the folder, if that's what you mean. 

Q That is what mean. So, in other words, if 

I had access to the T-drive, I had access to everything 
on the T— drive? 

A Yes, sir. Unless there was a restriction 

requested. If a soldier or a staff officer or someone 
would come to me and request a restriction on a file or 
folder, I would initiate that restriction. 

An example I can give you the S3 shop did 
not want anyone to be able to modify the long range 
planning calendar so I put a restriction that only one 
master sergeant could edit that document . Everyone 
could view it, but only he could edit it. 

If you asked for it, I gave it to you. But 
I don't make the decision on what you do and what the 
S3 does and does not want restricted. 

Q Was that hard to do, if you wanted to put 
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restrictions to limit access to certain information on 
the T-drive, is that a difficult thing for you to do? 

A For me to do, no, sir. For the users, yes. 

Q Now, I want to talk about the use of 

executable files on the desktop of a computer. 

A Okay, sir. 

Q We established that you don ' t need admin . 

rights to do that . But from your position as the IAM 
could computers be configured to where that would not 
be a process that you could do, that you couldn't put 
an executable file on the desktop of a computer? 

A There are systems that exist that would 

alert you, not the user, but would alert the 
administrators to the use of executable files and would 
not allow them to run, yes. 

Q I know you weren't in control of the D6— A, 

but for your computers, if you wanted to, and say for 
any S6 computer we want to make sure no executable 
files are run, could you have prevented that from 
happening? 

A No, sir. 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



168 

Q Why not? 

A I did not have the system that the Army has 

purchased to prevent those types of events from 
occurring. 

Q So it was a resource thing for you? 

A Yes, sir. I had not been issued, HPSS 

system that does that . 

Q But that was possible, if you got resource 

of that system you could prevent somebody from using 
executable file; is that correct? 

A More or less . It would be possible if I 

was given the system and we had the training and the 
understanding to properly employ the system. 

Q Okay. Let's talk about access controls on 

the SIPRNET. All right? 

A Sure, sir. 

Q Other than information that might be 

password protected, were there any access controls on 
the SIPRNET that you're aware of? 

A I'm not sure what you mean, sir. 

Q If I had SIPRNET access like I was a person 
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who had the clearance, had a computer hooked up to the 
SIPRNET, was there any limitation on what I could go 
see on SIPRNET? 

A Yes, sir. 

Q And what was that limitation? 

A There are probably hundreds, if not 

thousands of locations on SIPRNET that you would not be 
able to go to. 

Q Because of why? 

A Being a member of the 2nd Brigade, 10th 

Mountain you had, your authorization were based on 
being a member of my domain. As a member of my domain, 
you could not go to the, you know, M and D north sites 
or their shared drive or shared point portal and access 
anything because I did not have a trust relationship 
configured in my extractor that allowed us to share 
information, that sort of matter. 

You could not go to Afghanistan site shared 
drive or any location and pull information unless we 
had a trust established. Or, if they had that 
alternate distance site configured in such a manner 
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that you did not require verification of your 
authenticity . 

Q I want to break it down. If I'm 

understanding you right . I could go on at a SIPRNET 
computer on your domain, I could go to any place that 
you had a trust relationship with? 

A Inside my domain you could go to any, you 

can go to SharePoint portal. You could go to, you can 
go to the T— drive . You can go to any of the locations 
we had that were available to general users . 

We had some locations that were completely 
restricted to administrators that no one had rights to 
but myself, my NCO, warrants and a few other guys. 

But as a general user, you could go to 
anywhere within my brigade that was not specifically 
prohibited. 

Q And — 

A Outside of the domain, outside of the 

brigade we'll say, you could not go to 1st Brigade 3rd 
ID, you could not type in their address in the URL bar 
and bring up their site and access any information 
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unless they specifically configured their systems to 
allow visitors . If you allow visitors then anyone can 
have access to what you give visitors access to. 

And that goes for every other unit on 
SIPRNET in the world. 

However, my brigade, because we work 
closely with certain units, we had a trust established, 
which means I trust all of their users, meet the 
requirements, they trust all my nets, that's the 
general term. The trust is actually the connections 
that allows anyone in their domain access to mine and 
allows anyone in mine access to the far domain. 

We had trust established with several of 
the other brigades in the M and DB area and with 
multinational brigade and because we had Corp. level 
assets on my network that I managed with MNFI . 

Q So if I could access something on SIPRNET 

on your domain then if I could access it, I was 
permitted to go there? 

A I think you have that backwards, sir. 

Q Based upon what you said, everything you 
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said — 

A If you had access and it was not 

specifically restricted, you had the ability to go 
there . You may not have had the authority to go there . 
Having the ability to go somewhere doesn ' t mean you 
have the need to know or the authority to go there . 
But you have the ability to go there and view, edit, 
remove documents . 

Q All right . So I ' 11 try to simplify it . 

A Okay. Sorry, it's very complex. 

Q I'm trying to make it easy. 

If I go, if I can go on the SIPRNET 
computer, if I can go to a place on your domain, then I 
have at least access to it, access to go there, 
correct? 

A You have the — there ' s no technical 

restriction preventing you to go to Captain Tom 
Cherepko ' s folder, view, edit, remove documents. 

Q Then there is the separate thing you talked 

about that you might have access but, and ability to go 
there, but maybe not the authority to go there, is 
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that — 

A Yes, sir. For example, I have the ability 

as administrator to go anywhere . But I have no need to 
go to the medical officer ' s file and view people ' s 
medical records . I have no real need to do that and no 
authority to do that . 

Q And were you aware of whether or not 

all-source analysts were basically told they could look 
at anything they wanted to that they had access to? 

A I don't know what they were told, sir. 

Q So that would be a no then? 

A No. 

Q And when you say the ability and the 

authorization, if you had the ability to go there 
because of your domain allowing you to go there and you 
had the authorization from your supervisors to go 
there, were there any other restrictions on access? 

A There were no technical restrictions that 

we did not apply . There was no — 

If your supervisor told you to go into the 
S4 folder and find how much fuel the brigade uses in a 
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three— month period and you worked in the medical 
company, you could do it. 

Q With regards to the stuff that PFC Manning 

had access to, did he have to gain access to that 
information on the SIPRNET by hacking anything? 

A Inside my domain or outside my domain? 

Q Inside your domain. 

A I would say no, sir. 

Q Did he need to break any encryption or 

anything to get access to anything that was inside your 
domain? 

A No, sir. 

Q Did he need to circumvent anything to get 

access to something that was inside your domain? 

A He would have needed to circumvent nothing 

technical . 

Q So maybe the only restrictions might be if 

he had authorization from a supervisor to go, using 
your example, if I'm in the medical area, I might not 
have a reason to go to S4C or fuel consumption for the 
brigade so even though I have access to it, I might not 
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have the authority to go there unless my boss said, you 
know what, it's important to me, find out how much fuel 
we ' re using, we want to tell them how much medical 
needs? 

A That would be a fair assessment; yes, sir. 

Q Now, I want to ask you about being the I AM 

and, as far as going to the brigade, was this your 
first duty assignment as an IAM? 

A Yes, sir. 

Q And my understanding is you basically, was 

this your first brigade automations officer position as 
well? 

A It was, sir. It was my first duty position 

out of the schoolhouse . 

Q And at the time that you got there, were 

you aware that the IAM was responsible for verifying 
that all computers under their oversight were properly 
certified and accredited? 

A I was not, sir. 

Q And as part of that process were you aware 

that you had to submit what's called a DIACAPP package? 
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A 



I was not, sir. 



Q 



And my understanding that ' s a 



Department of 



Defense Information Assurance Certification and 



Accreditation Process Packet; is that right? 



A 



Sounds about right, sir. 



Q 



Your brigade was required to basically 



submit one of those packages, correct, the DIACAPP 
package? 

THE COURT: What is it? 

MR. COOMBS: Delta, India, Alpha, Charlie, 

Alpha, PaPa. 

Q Did your brigade submit the required 

DIACAPP package? 

A Not that I know of sir . 

Q And that DIACAPP package was basically 

designed, supposed to be designed to ensure that there 
was a disciplined method for information assurance? 

A Sir, the systems that we had in place at 

FOB Hammer were relatively new to the brigade before 
they deployed and certification and accreditation is 
valid for three years so there would have been no need 
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to submit one at that point . 

Q Are you aware of whether or not somebody 

higher than your brigade disagreed with that 
determination you just made? 

A I am, sir. 

Q And did they disagree with that 

determination? 

A They did, sir. 

Q And so the DIACAPP package, going back to 

my question, that was supposed to ensure a, basically a 
discipline method for information assurance within the 
brigade? 

A It is the paperwork showing that the 

security implementations that are required that I had 
in place were in place . 

Q To ensure basically a discipline 

information assurance environment? 

A It ' s the paperwork that just shows that 

what ' s required to be in place is in place . 

Q And I'm sorry, I don't mean to be aloof, 

I'm trying to get an answer to this part that that 
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process then is to ensure that you have a discipline 
information assurance environment. That you're doing 
everything you're supposed to? 

A I'm not sure what the regulation or 

textbook answer is, sir, but the purpose of it is to 
validate that all of the requirements I have done. 

Q And those requirements, what's the purpose 

for those requirements? 

A To provide security for the network . 

Q Thank you. 

MR. COOMBS: No further questions. 
MR. WHYTE: One minute, Your Honor. 
THE COURT: Yes. 

REDIRECT EXAMINATION BY MR. WHYTE: 
Q Captain Cherepko, you said you monitored 

the network to see if there were any movies, music and 

games on the computer? 

A I did, sir, for the most part I delegated 

to IANCO but occasionally I did it personally. 

Q How often would you search the network for 

unauthorized programs? 
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A 



Personally? 



Q 



Yes. 



A 



When I had free time . 



Q 



So not every day? 



A 



No, not every day. 



Q 



Why not? 



A 



Because I had a — I had an IANCO who 



performed the task and more importantly everyone on the 
network had a security clearance and signed the 
agreement that they wouldn't do unauthorized things so 
I didn ' t feel the need to search every moment of every 
waking day . 

Q Why is that? 

A Because everyone was trusted to do what 

they said they would do. 

Q So defense on cross asked you about 

accreditation for the network? 

A Yes, sir. 

Q If the network were actually accredited — 

A I believe it was, sir. 

Q — okay, what would prevent a soldier from 
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actually burning classified information from the 
network? 

A The accreditation is paperwork, sir, that 

stops someone from doing nothing. 

Q What about leaving the SCIF, for instance, 

with classified information? 

A That would not prevent it; no, sir. 

MR. WHYTE : No more questions, Your Honor. 
MR . COOMBS : Nothing for me , ma ' am . 
THE COURT : I have a couple of questions . 
EXAMINATION BY THE COURT: 
Q With respect to the movies and the games 

that you talked about that were on the T-drive, do you 
remember were they on there when you arrived, at least 
were some of them on there from prior units? 

A They were . The T— drive had been inherited 

from several previous units over several years and they 
were there from the day we arrived. You could go 
almost to any folder from the Brigade 2nd Airborne and 
find funny movie clips, music. 

Q You testified that those were unauthorized 
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programs and files on the — would you consider a game 
or music, were they programs? 

A The movies and music are media that require 

a program to operate. Unless they've been tampered by 
people with mal intent to do executable things in the 
background and that ' s the main security threat for 
them. They can be modified to do security violations 
that you don ' t know about . 

Q The T— drive, did the network contain a 

program to operate them? 

A The movies? 

Q Yes. 

A Yes, ma'am. 

Q And the music as well? 

A Yes, ma'am. The Microsoft Windows media 

player would play movies and the music . 

Q What about the games? 

A The games were either independent 

executable files or they were scripts written inside of 
Excel spreadsheets or Word documents . Those sorts of 
programs that would run those . 
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But the majority of them were independent, 
executable files that required nothing but the one file 
that you would double click on and run . 

Q You testified earlier that you would go to 

the T— drive and remove the music and the games and the 
things that were unauthorized. Other than yourself, 
was there — you said they kept reappearing, was there 
in your opinion a command laxity about enforcing this? 

A In my opinion , ma ' am? 

Q Yes. 

A More or less, yes. 

You know, we alerted the command to the 
presence of it . The reasons for why it is unacceptable 
for being there, both regulatory and security-wise, why 
they're not allowed to be there, but yet they continued 
to appear . 

I tried to use the analogy they are a 
information security negligent discharge . While you 
may assume that firing a weapon into a barrel doesn't 
hurt anyone, you never know. 

Q Did anyone in the chain of command tell or 
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indicate to you why they were sort of letting this go? 
A No , ma ' am . 

THE COURT: Any followup based on that? 
MR. COOMBS: The defense rests, ma'am. 
MR. WHYTE: Maybe two questions, Your 

Honor . 

THE COURT: That's fine. 

CONTINUED REDIRECT EXAMINATION BY MR. WHYTE: 

Q Captain Cherepko, were you aware of any 

freeware on the network, a freeware? You testified 
earlier that freeware was specifically prohibited under 
25—2, were you aware of any freeware on your network? 

A One could make the argument that the games 

they found were freeware . 

Q Did you find with looking through the 

network in the unauthorized executable files outside of 
games? 

A No, no, sir. 

Q Did you notify the command of anything 

other than music, games, movies on the network? 

A On the network? Just general I A violations 
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that I found. An example is one of the FOB'S we had an 
Iraqi Army unit and they tried to splice into my fiber 
with copper, which would never work, but it's still an 
IA violation. So I alerted them to that as well. 

Every IA violation I found I reported to 

the command . 

MR. WHYTE: Thank you. 

MR. COOMBS: Just a couple questions based 

upon that . 

CONTINUED RECROSS EXAMINATION BY MR. COOMBS: 
Q Were you looking for executable files on 

the T-drive? 

A Yes, sir. 

Q And how were you looking for them? 

A I would do a search for all files that end 

in dot EXE, dot VAT, dot VBS, all the types of 
executable files . 

Q Are you familiar with media player VLC? 

A I am. 

Q Did you find that on the T-drive? 

A Yes, sir. 
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Q And was that an authorized media player? 

A I believe it was; yes, sir. 

Q What do you base that on? 

A I recall, I believe I recall looking to 

find out if it was authorized because it was there and 
people were wanting to use it . And they were wanting 
to upgrade to the newest version and it ' s version 
specific, so. 

MR . COOMBS : Thank you . 
THE COURT: Go ahead. 
MR. WHYTE: One question. 

CONTINUED REDIRECT EXAMINATION BY MR. WHYTE: 
Q When you searched the network for any 

music, games, would you actually be looking at a 
person's desktop as well? 

A No, sir. I did not have that ability. 

Unless I walked to the desk and looked, but no. 

THE COURT: I don't think I have any 
further questions. Any last questions? 

MR . COOMBS : Carry on . 

THE COURT: Temporary or permanent excusal? 
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MR. WHYTE: Temporary, Your Honor. 

THE COURT: You're temporarily excused. 
Please don't discuss the case with anyone other than 
trial counsel or the accused while the case is still 
going on. You are free to go. 

MR. WHYTE: Ma'am, the United States calls 
Mr. Jason Milliman. 

THE COURT: Are you all set to go without 
recess? You ready to go, both sides? 

MR. COOMBS: Defense is fine, Your Honor. 

THE COURT: Proceed. 

Whereupon, 

JASON MILLIMAN, 
called as a witness, having been first duly sworn to 
tell the truth, the whole truth, and nothing but the 
truth, was examined and testified as follows: 
DIRECT EXAMINATION BY MR. WHYTE: 
Q Your name is Mr. Jason Milliman from 

Charlottesville, Virginia? 
A Yes, sir. 

Q What is your current military status? 
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A Retired. 

Q When did you retire? 

A August 31st of 2005. 

Q How many hours did you serve in the 
military? 

A 21 years. 

Q And what was your MOS when you retired? 

A 33 Whiskey. 

Q What is that? 

A Electronic (INAUDIBLE) . 

Q Since you retired, what type of work have 
you been involved in? 

A Contractor . 

Q Have you deployed as a contractor? 

A Yes. 

Q What was your first deployment as a 
contractor? 

A November of 2007. 

Q And how long was that deployment? 

A Until February of 2009. 

Q Where were you stationed during this 
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deployment ? 

A Camp Slayer, Iraq. 

Q What were your responsibilities at Camp 

Slayer? 

A I was a main hub FSE responsible for the 

monitoring of all the D6— A servers throughout Iraq. 

Q What is FSE? 

A Field software engineer . 

Q When was your second deployment as a 

contractor? 

A June of 2009. 

Q And how long was that deployment? 

A 18 months. 

Q Where were you stationed during this 

deployment ? 

A I went initially to JSS Loyalty then to FOB 

Hammer and finished in Camp Ramadi . 

Q When did you arrive at FOB Hammer? 

A I think it was around September 2009. 

Q And what unit were you with when you 

arrived at FOB Hammer? 
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A 82nd. 

Q When 82nd redeployed, what unit took their 

place? 

A 210 Mountain. 

Q You were at FOB Hammer when 210 Mountain 

arrived? 

A Yes, sir. 

Q Were you there when they finally redeployed 

back to Ft . Drum? 

A Yes, I was. 

Q So you were there the entire time? 

A Yes, sir. 

Q What was your position at FOB Hammer with 

210 Mountain? 

A It was a different type FSE they called it 

a fly away FSE. My job was based out of FOB Hammer to 
support other units . 

There was a main server at FOB Hammer and 
all the users and laptops . They were stationed at — 
wherever they were located, I fly to them and take care 
of their machine as well . 
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Q So you're responsible for the D6— A 

machines? 

A Correct . 

Q What is the purpose of a D6 machine? 

A It ' s a suite of tools the intelligence 

analysts use to gather the required data they need to I 
guess exploit the intelligence . 

Q And what network were these D6 machines 

hooked up to? 

A SIPR. 

Q To your memory how many D6 machines were at 

FOB Hammer? 

A Roughly 35 . 

Q To access a D6 machine, did you have to 

insert a Linux operating system? 
A No. 

Q Where did you work at FOB Hammer? 

A In the SCIF. 

Q How do you know PFC Manning? 

A He was also in the SCIF. 

Q What did you know about PFC Manning ' s 
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computer skills? 

A Only what I heard, either him talk about or 

others . I guess he had a computer business at some 
point and he made a few comments about his skills . 

Q What did PFC Manning say about his computer 

business? 

A I just remember at one point we talked 

about problems and he said that if it was a problem 
that was taking too long for his liking, he would 
(INAUDIBLE) his machine until the customer couldn't fix 
it. 

Q What else do you know about PFC Manning's 

computer skills? 

A He made a couple comments. There was one 

comment, there was no computer he couldn't hack into, 
if people really knew what he would do with computers, 
they would be amazed. 

Q Did PFC Manning have issues with his 

computer at FOB Hammer? 

A Yes, he did. 

Q And can you explain what those issues were? 
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A His co— user, Madaras was his name, he 

approached me first. He was the day shift. Telling me 
that his computer was acting funny. 

MR. COOMBS: Objection, Your Honor. 

Hearsay . 

MR. WHYTE: Just a (INAUDIBLE) to elicit to 
see what steps he took in response to the computer 
problems that they were having. 

THE COURT: Ask him if he learned if there 
were computer problems yes or no and what he did. 
BY MR. WHYTE: 

Q Did you learn of computer problems? 

A Yes, I did. 

Q What did you do in response to those 

computer problems? 

A My standard steps are to have a user 

recreate the problem in front of me so I can see what 
symptoms there are and then troubleshoot from that 
point . 

Q What were some of those troubleshooting 

tactics that you employed? 
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A Based on the symptoms that I was given I 

tried to see if there was, first, fragmentation on the 
drive that may have caused poor performance of the 
applications so see if the hard dive was running out of 
space, which may have been contributed to some 
fragmentations as well. See if their user profiles are 
corrupt and barring all of that, reimage his machine. 

Q So if the profile became corrupt, how would 

that happen? 

A A lot of users would store everything they 

had on their desktop and I explained to them it was 
kind of like snow on the roof of your house . Your roof 
is not meant for all the snow, eventually it ' s going to 
cave in and crash. So they stored all of the data on 
the desktop. It eventually would crash the profile. 

Q What steps did you have to take if the 

profile was corrupt? 

A Usually they couldn ' t log in so I would 

take another hard drive, take their hard drive out and 
put another one in the place that had a similar 
operating system, everything was exactly the same . 
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Pull the information from that hard drive like a USB 
drive, you would pull it to the new drive and let them 
start over . 

Q Is this the reimaging process? 

A Yes, I'm sorry, I'm nervous, that's the 

reimaging process. But only a corrupt profile, I can 
move the data to another folder, delete the profile, 
have them log in and create another profile. 

Q Do you remember what steps you took with 

the PFC Manning computer? 

A I do remember we had to reimage it several 

times . 

Q Can you explain what if this, again for the 

court, what this reimaging process, literally the 
soldier brings you the computer and what did you do 
with it? 

A After exhausting my other troubleshooting 

steps, once I determined that the computer had to be 
reimaged, I had a stack of spare drives . In the 
interest of time so the analyst could get back to work, 
I would take the old hard drive out and insert the new 
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hard drive and configure the network settings . 

Once the computer was back up and running 
as quickly as possible, I would then connect the old 
hard drive to the new hard drive through the USB port 
and universal hard drive adapter and get the data that 
he or she had to have from that drive and transfer it 
back to new drive . 

Q And how often did PFC Manning have issues, 

and I think it's Sergeant Madaras as well, how often 
did they have issues with their computers? 

A Much more frequently than anyone else . 

Q Was PFC Manning authorized to repair the D6 



computer? 
A 

Q 
A 

Q 
A 

Q 

computer? 
A 



No. 

Who was authorized? 
Just me . 

So did you actually reimage their computer? 
Yes, I did. 

How many times did you reimage their 

I don't recall exam how many times. I know 
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it was at least three . 

Q Is that odd? 

A It's odd. 

Q Why? Can you explain why? 

A Unless there's hardware failures, once a 

machine is imaged, it ' s good until something drastic 
happens to it . 

If they run out of hard drive space causing 
the operating system to crash or something or, you 
know, if the hard drive fails itself, there's no need 
to reimage the machine . 

Q In your experience how long did it 

generally take before it needed to be reimaged again? 

A Manning's computer or others? 

Q Others . 

A In general, unless there was a hardware 

failure or something catastrophic, it didn't. 

Q When did PFC Manning and Sergeant Madaras 

have computer issues during the deployment, at what 
stage of the deployment? 

A Shortly after 82nd left I remember Madaras 
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approached me first and a few other times after that 
and relatively short order, like a month or so after 
the previous reimaging. 

Q And at that time in the deployment, how 

many spare hard drives did you have? 

A Probably five or six. 

Q Was that, is that a lot or a little? 

A That ' s probably relatively a lot . 

Q Let ' s talk about administrator rights on 

the D6 machine. Who had administrator rights on the D6 
machines? 

A I had rights and the mentor, his name is 

Marvin Gammage (phonetic) . He was the mentor. 

Q So which soldiers of 210 Mountain had 

administrator rights? 

A None . 

Q Did PFC Manning have administrator rights? 

A No. 

Q So what does it mean you were the 

administrator of the D6 machines? 

A You have full control of the machine. 
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Q So like what things can you do that an 

ordinary user cannot do? 

A If there was Google Earth or Microsoft 

Office or something like that we installed, I could 
install it with full rights and privileges without any 
restrictions . 

Q So was PFC Manning authorized to install 

programs on the D6 machine? 

A No, he was not. 

Q What happened if a soldier wanted a program 

for his D6 machine but it wasn't actually on the 
computer? 

A He needed, he or she, needed to contact me 

and if it was an authorized program that I was allowed 
to install, I would install it. 

If I didn't know if it was authorized, I 
would contact Camp Slayer lead FSE that was stationed 
at Camp Slayer and make the request to him and usually 
we were supposed to fill out an official software 
request form but it was usually done word— of —mouth . 

They were determined at Camp Slayer if it 
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was authorized and if it was they would tell me to load 
it; if it was not, I couldn't load it. 

Q When you were at FOB Hammer, were familiar 

with Wget? 

A No. 

Q When you were at FOB Hammer, did any 

soldier request permission to put Wget on their 
computer? 

A I do not recall anyone asking for it . 

Q At FOB Hammer did you install Wget on any 

D6 computer? 

A Not that I can recall . 

Q Are you familiar with what an executable 

file is? 

A I believe I am, yes . 

Q What is an executable file? 

A An executable file is something that runs 

on its own. It doesn't require other files to operate, 
I guess . 

Q Are you familiar with the installation 

process for an executable file? 
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A Relatively, yes. 

Q What is that process generally? 

A Normally it will have some sort of 

interactive GUI telling you to do a certain process of 
steps to install it. Normally for, like, Microsoft 
Office or something, you would make modifications to 
system files or registry, that kind of thing. 

Q Is Microsoft Office an executable file 

itself is an executable file? 

A I don ' t know that I know the correct answer 

to that. I'm just using that as an example to make 
modifications to a file. 

Q So could a soldier put an executable file 

on their D6 machine? 

A They could, but they wouldn ' t be 

authorized. 

Q Who was authorized to put executable files 

on the D6 machines? 

A Just me or other FSEs . 

Q How would using an executable file allow a 

user to circumvent and he would actually contact you? 
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A Can you say that again? 

Q How would using an executable file 

circumvent the need to come to you, the administrator? 

A If I understand the question correctly, a 

user could install the executable file on the desktop 
without coming to me even though it wouldn ' t be 
authorized? 

Q When you were at FOB Hammer, was Wget an 

authorized executable file? 

A I don't recall but I don't believe so. 

Q Do you know if PFC Manning had Wget on his 

computer? 

A I do not know. 

Q You testified earlier that you were, you 

were responsible for the D6 machines? 
A Correct . 

Q How did you not know if PFC Manning had a 

program on his computer? 

A I didn ' t go behind ever user on a daily 

basis to find out if they had installed something. It 
was understood or I thought it was understood that 
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we ' re all in a position of trust so that was not 
something that was normally done . 

MR. WHYTE : No more questions, Your Honor. 
THE COURT: Cross-examination? 
MR. COOMBS: Yes, Your Honor. 
CROSS-EXAMINATION BY MR. COOMBS: 
Q Mr. Milliman, how are you? 

A Good, how are you? 

Q Just a few questions for you . 

I want to talk about some problems that the 
D6— A computer had due to the environment, okay. Is 
that all right? 

A Yes, sir. 

Q Now, heat was a major problems for the D6— A 

computers, correct? 

A In the beginning it was . But we overcame 

that with some creative methods like using Gatorade 
bottle caps to elevate it off the desktops to get more 
air flow in there . 

Q And the D6— A they would run hot even if 

they were in an air conditioned room so you had to do 
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those kind of creative steps? 
A Correct . 

Q And in addition to heat, the dust from 

being in the desert was a problem for the D6— A 
computers? 

A Correct. It was, very frequently it was, 

it was required to frequently use cans of air to blow 
the dust out of the machines . 

Q That ' s what I was going to ask . You would 

go around behind them and you would spray the 
computers, basically to blow out the dust? 

A A lot of cans of air; yes, sir. 

Q Now, the computers still, in spite of doing 

these things, the creative put a bottle cap underneath 
or blow the dust, they would occasionally crash? 

A Occasionally. 

Q And with regards to the D6-A computers, 

from your experience, there was usually always at least 
two users on each D6— A computer; is that right? 

A For the most part, I believe that's true. 

Q Now, the D6-A computers, at least from the 
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users profiles, those could be corrupt if one or both 
of the users were storing a lot of information on the 
desktop? 

A If one of the two users stored a lot of 

information on the desktop only their profile would be 
corrupt . 

Q Yeah, I think you used an example of, like, 

you know, snow — 
A Right . 

Q — basically piling up on top of your roof 

and caves in because of the weight? 
A Correct . 

Q So if one or both of the users were storing 

a lot on the desktop, one or both of the user profiles 
would become corrupt? 

A One user couldn ' t make another user ' s 

profile become corrupt because of what they did to 
their profile. 

Q So it would only be the user profile that 

had too much information that would be corrupt? 

A Correct . 
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Q You talked about Madaras coming to you 

complaining about his computer that he shared with PFC 
Manning. It was Madaras coming to you to complain 
about the computer, correct? 

A Correct . He was the first one I saw 

because he was on day shift . 

Q It wasn ' t PFC Manning coming to you to 

complain about the computer? 

A I don ' t recall him — he could have 

complained but I don ' t recall . I just remember Madaras 
because he was the first one I saw in the morning, 
that's how it started. 

Q And I guess you said sometimes you had to 

reimage based upon the problems that you encountered? 

A Correct . 

Q Did you have to reimage the computer of PFC 

Manning and Sergeant Madaras? 
A Yes. 

Q And again, that was based upon Sergeant 

Madaras coming to you saying I ' ve got problems with 
this computer? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



206 

A The reimaging was based on my 

troubleshooting, my diagnosis of what was the other 
steps that had failed to correct the problem. 

Q What precipitated the other steps was 

Madaras coming to you, not PFC Manning? 

A I believe so. 

Q Now, whenever you would try to fix a 

computer that crashed, sometimes you would retrieve 
information, correct? 

A You mean take their information that they 

wanted to save and save it somewhere else? 

Q Maybe that's a bad question. 

If a computer crashed, sometimes you could 
save all the information and sometimes you couldn't; is 
that right? 

A Sometimes I could save the user ' s data and 

sometimes I couldn't, correct. 

Q Okay. When you were looking I guess at 

Sergeant Madaras and PFC Manning's computer, did you 
ever look to see what they had on their desktop that 
was causing the problems? 
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A Well, it's not always the desktop that is 

the problem, but I would usually, the standard 
operating procedure I guess you call it, I would see, 
being the size of the desktop, if they had a large 
amount of data I would say, hey, you need to move that 
to My Documents folder. Otherwise you're going to have 
a profile crash. 

I would see if the hard drive is 
fragmented. I would see if they were running out of 
hard drive space . 

And if those things all seemed in order and 
I couldn ' t find another way to fix the problem, I would 
give them an opportunity. I could tell them I can 
delete your profile and recreate a new one or I can 
reimage your machine . And usually they would just opt 
to have the machine reimaged and skip that step. 

Q At least the time that you reimaged the 

computers from your memory, I know it's been a while, 
but from your memory it was Madaras asking you to 
reimage the computers and not PFC Manning? 

A I don't know 100 percent who requested but 
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I would say probably Madaras . 

Q Okay. I want to ask you a few questions 

about adding software to the D6-A computer. All right? 

A Sure . 

Q And I believe you said on direct that you 

were the only one authorized to do that? 
A Correct . 

Q So if somebody wanted something they would 

come to you and say Mr. Milliman, could I please add or 
could you add this software onto my D6-A computer? 

A Correct . 

Q And they would do that because you were the 

only one in addition to another civilian that had 
administrator rights on those D6— A computers? 

A Correct . 

Q If you were asked to put a program onto the 

D6-A computer could you tell us what the process was 
that you would go through in order to determine that 
yes, I will do that, or, no, I won't do that? 

A If a user approached me requesting a 

program to be loaded onto the D6-A that wasn't part of 
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the baseline, for instance there was a compression 
program that they use as a standard tool . And at the 
first request I didn't know it was authorized or not, 
so I would contact the lead FSE, field software 
engineer, at Camp Slayer, who would then either be able 
to give me a direct answer, or if he didn't know the 
answer he would find out the answer and get back to me 
whether it was authorized or not. 

If it was authorized I would install it; if 
not I wouldn ' t . 

Q Was there ever a time where — do you 

remember the brigade commander for the 210 Mountain, do 
you remember who that was? 

A No, I don't. 

Q Does Colonel Miller sound familiar? 

A Yes and no . It ' s a very common name but I 

don ' t recall that being the commander . 

Q Do you recall a time wherein the brigade 

commander came to you and said, I want to get mIRC chat 
on to my D6— A computers? 

A I don't recall it but it's quite possible 
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that it happened . 

Q Do you recall ever the brigade commander 

signing a form saying I want the D6— A computers to have 
mIRC chat, I'm going to take responsibility for that 
because it ' s not part of the baseline package . Here ' s 
the form, go make it happen. 

A I don't recall that series of events but I 

know there were letters and the standard — we had like 
a little book of memorandums and letters from certain 
folks accepting risk and so forth. 

I know that mIRC chat was not on the 
baseline, the standard baseline for D6— A but it was 
granted authority because it was the tool of choice for 
both the 82nd and 210th Mountain Division and other 
units as well. So they stopped using the D6-A 
collaboration tool and started using mIRC chat . So it 
was common for me to load mIRC chat on D6— A. 

Q So when you did that from your memory, I 

know it's been a while, but based upon your memory, 
that wasn't at the request of the brigade commander? 

A I would say that ' s a fair statement . I 
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don't recall that being directly from the brigade 
commander . 

Q And mIRC chat, the D6— A computer had as 

part of its baseline package a program called cyb jabber? 
A Say it again? 

Q Right . For the baseline package for mIRC 

chat, the collaborative tool, the communication tool 
that they had was cyb jabber; is that correct? 

A I think cyb jabber was a collaboration tool 

for D6-A. 

Q That ' s what I mean . 

A Yeah, I think mIRC chat was a collaboration 

tool they wanted to use instead of cyb jabber. 

Q Exactly. So they were asking you to put 

something on that was not the baseline tool — 

A Correct . 

Q For the D6-A computer? 

A Correct . 

Q And from your memory then you were the one 

adding mIRC chat to anybody ' s computer that asked for 
it, based upon once you got approval? 
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A When I first deployed my second deployment 

as a fly away FSE with the 82nd was my first 
introduction that I recall of mIRC chat . So I went 
through the same steps I described earlier. 

Contacted the lead FSE at Camp Slayer. 
They determined it was a authorized program to be 
installed so from that point on I would install it . 

So when I would reimage a machine or when 
the 210 Mountain came in, it became a standard tool 
that I installed in all the D6— A machines. 

Q When you installed it on all of the 

machines, there would be no need for PFC Manning then 
to go to somebody ' s computer and put mIRC chat on their 
computer? 

A That ' s correct . 

Q And at least from your business, if PFC 

Manning was asked to put mIRC chat on somebody ' s 
computer, that would not have been something you would 
have approved of? 

A Correct . 

Q I know you used the example of an 
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executable file, I just want to make sure that we will 
have a common understanding of that . 

If I had an executable file and I wanted to 
put it on my desktop, something that I double click and 
it ran, could I do that, not from the standpoint of 
approval, but could I do that as far as the ability to 
do it? 

A Yes, the ability is there although the 

authorization is not . 

Q And from your position, if the D6— A 

computers, if you wanted to, could you position the 
D6— A computers in such a way to prevent a person from 
having the ability to put an executable file on the 
desktop? 

A I believe the only way to restrict that to 

take away all the privileges of the user to write to 
their own desktop . I think that would severely impact 
the analysts mission. 

Q So from your position and knowledge, there 

was no way to prevent somebody from putting an 
executable file on the desktop short of eliminating 
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their ability to write anything to the desktop from? 
A My opinion, yes. 

Q Obviously that didn't happen because the 

soldier had the ability to put stuff on their desktop; 
is that right? 

A Yes. 

Q And because they could put it on their 

desktop, if a soldier wanted to they could put games, 
music, movies and executable files on their desktop? 

A That ' s true . 

Q Now, in the past you had noticed that 

soldiers had, in fact, placed music on their D6— A 
computers? 

A Correct . 

Q And games as well? 

A I can't say for certain the 210 did. I 

know other units had, but I can't recall if the 210th 
did or not . 

Q And having games and/or music or executable 

files or whatnot on your D6— A computer, that wasn't 
allowed? 
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A It was not authorized. 

Q From your position? 

A From my position, yeah. 

Q But even because you didn ' t think it was 

allowed, you didn't feel that you were in the position 
to tell the soldier, hey, take that off your D6-A 
computer? 

A I had no authorization to tell a user what 

to put or remove from the computer . I can only make 
suggestions . 

Q When you made suggestions, I imagine you 

might make suggestions to the soldier and then their 
immediate supervisor? 

A Correct . 

Q And then whether or not the soldier or 

supervisor chose to follow your suggestions, you 
wouldn't know at that point? 

A Yeah, that's not for me to know. 

Q And I know you said you weren ' t making it a 

habit of looking at what soldiers were and were not 
placing on their D6— A computers? 
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A Right . The only time I would see the 

computer is when I had to provide updates to the 
operating system or security patches or if I had to 
reimage the machine . 

Q So based upon that I guess you wouldn ' t 

know how prevalent, if at all, it was for soldiers to 
put executable files on their D6— A computers? 

A Correct . 

Q Now, based upon your experience, you did 

have situations where in the past you had military 
members trying to crack the password to the D6— A 
computer? 

A When there ' s a riptow, it was a common 

occurrence — 

Q I'm sorry to stop, the riptow is when two 

units were swapping — 

A Overlap. One would leave (INAUDIBLE) . 

Changes in authority. The new unit coming in would 
bring in their D6— A. The standard philosophy I guess 
or belief of the unit is they're our machines, we have 
full rights, you can't have them as your privileges. 
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So there was a special letter signed by 
somebody saying that only the D6— A FSE had 
administrative privileges not the (INAUDIBLE) . So in 
the very beginning there was friction but we got that 
ironed out so there were a couple of cases where they 
would crack my password and remove the administrator 
account and we would battle it out . 

Q Essentially, my understanding is it was 

basically you educating the military side of the house, 
although you ' re using these computers and although 
they're on your network, these are not your computers, 
is that a fair statement? 

A Not entirely. It was their computer but 

because of the delicacy of the program and the suite of 
tools it used, it required only the D6— A administrators 
to be the ones to have the full administrator rights on 
those machines . 

Q So you would educate them, because of how 

everything was set up, even though it's on your system, 
you use it, technically it is your computer you pay for 
it, but you don't have the ability to tinker with it? 



Provided by Freedom of the Press Foundation 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 



UNOFFICIAL DRAFT - 6/12/13 Afternoon Session 



218 

A Correct . 

Q Now, in the past also whenever you would 

give or put mIRC chat onto a computer, it was a 
specific version of mIRC chat; am I correct? 

A I don ' t recall but it probably was . 

Q Because authorization for programs was 

version— based; am I not correct? You wanted to make 
sure it didn't, it was compatible with everything else 
so it had to be tested that particular version? 

A Those tests would have been run by the FSEs 

at Camp Slayer so I don ' t know and I don ' t think I can 
speak to versions because I don't recall if there was 
different versions of mIRC chat . 

Q If you don't feel you can answer this you 

can tell me I don't feel I can answer it and I won't 
worry about it . 

In your experience whenever you have got 
approval for a certain program, was it a version— based 
approval or was it for the lifetime, you could always 
add whatever version you wanted of that particular 
program? 
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A I think I can answer but it may be a 

lengthy answer. 

Q Go right ahead. 

A We would have — the Camp Slayer FSE ' s 

would deliver new images to be used on D6— A machines. 
Those images would contain, for instance, if there was 
a new version of a program on that image, if a new 
image or a new version of mIRC chat would be 
authorized, it would come with notes saying now we're 
using version B or C or whatever of this program, start 
using this now. 

We also had CDs that we carried that had 
tools to use when we troubleshoot or other programs 
that weren't on the standard D6— A baseline to load on 
those user machines if needed, like the mIRC chat or 
whatever . 

So although I don't recall if there were 
different versions of mIRC chat, it's possible. But it 
would have been tested and vetted before it was allowed 
to be installed. 

Q So if I'm understanding correctly, if you 
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came back and you said version B is the one that ' s 
approved and that's the one that is now the baseline, 
that's approved, and we have got the version BCD; if 
the following day I said, hey, Mr. Milliman I just 
found out version C is available online, I'm going put 
on it my computer, you would say no? 
A Correct . 

Q Okay. So that approval was then for that 

version and if you had a newer version, you were not 
supposed to put that on your computer? 

A Not until it was authorized. 

Q In your past experience you knew of 

soldiers who liked to have the latest version of any 
particular software, right? 

A All soldiers like to have the latest 

software but they didn't always get what they wanted. 

Q Do you recall ever having a situation where 

you did have soldiers putting more recent versions than 
they should have on their D6— A computer? 

A No, I don't. 

Q You don ' t remember ever telling me about a 
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lieutenant who would do that because they liked having 
the latest version of anything? 

A I recall, I don't recall the rank, but I 

recall an officer in the beginning getting the 
compression program installed on his computer. And 
that ' s when we had the password cracking and removing 
of my (INAUDIBLE) account but I don't recall any other 
instance than that . 

Q So it was something early on when they put 

something on and you basically told them hey, you're 
not supposed to do this? 

A Right . 

Q Mr. Milliman, again, I appreciate your 

time. Thank you. 

THE COURT: Redirect? 

MR. WHYTE: No questions, Your Honor. 

THE COURT : I just have a couple . 

EXAMINATION BY THE COURT: 
Q Is mIRC chat an executable file? 

A I think it is . I'm not an expert on it. 

But from what I ' ve read because it was one of the 
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questions that came up, it's a, it appears to be a 
program that can be downloaded and installed directly 
on your desktop. 

Q When you had two users like Sergeant 

Madaras and PFC Manning and one worked the day shift 
and one worked the night shift, if, say, in this 
situation Sergeant Madaras came up and said, I've got 
all these problems with my computer, would you do the 
reimaging before seeing PFC Manning on the night shift 
or how did you do that? 

A No, I made sure I tried to cover both 

shifts . I would come in the middle of the day shift 
and work through the rest of the day and half the night 
shift as well so I can see both users and confirm the 
problems with both users and make sure they were both 
aware what was going on. 

I wouldn ' t want to take the machine down 
and possibly lose data without talking to both users to 
find out what both users needed as data transferred 
from one machine to another or one hard drive to another. 

Q When you reimaged the machine of Sergeant 
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Madaras and PFC Manning, what did PFC Manning say about 
his data, did he want it — 

A They both wanted their data as far as I can 

recall, but I can't recall specific conversation. 

Q But they both wanted their data or all of 

their data, was that typical? 

A That was typical . Most users always wanted 

their data . It was not uncommon . 

THE COURT: Any followup based on that? 
MR . COOMBS : No , ma ' am . 
MR. WHYTE: No ma'am. 

THE COURT: Temporary or permanent? 
MR . WHYTE : Temporary . 

THE COURT: You are temporarily excused. 
Please don't discuss your testimony or knowledge about 
the case with anyone other than counsel or the accused. 

THE WITNESS: Yes, ma'am. 

MR. FEIN: Ma'am, the United States 
requests a 10— minute recess. 

THE COURT: Court is in recess until 1825 

or 6:25. 
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(Brief recess.) 

THE COURT: Let the record reflect all 
parties present when the court last recessed are again 
present in court . 

The parties met with me briefly for an 
RCM802 session and it appears they are working to 
address other stipulations of expected testimony and 
that work will require some time and because of that 
and some other logistic issues to include some weather 
issues that we ' re expecting tomorrow, this court is 
going to go in recess tonight and we will begin again 
like we did last week at 0930 on Monday morning. 

Anything else that the parties would like 

to add? 

MR. FEIN: That was everything, ma'am. 
MR. COOMBS: No. 

THE COURT: Anything we need to address 
before we recess? 

Court is recessed 6:22 until 9:30 a.m. 

Monday . 

(Court adjourned at 6:22 p.m.) 
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